Putting  PC  blades  to  the  test 

A  Chicago-area  healthcare  company  cites  security,  cost 
savings  for  desktop  overhaul. 

PAGE  23. 


Lowenstein 


Face-Off:  Mobile  management 

Should  companies  strictly  control  employee  use  of  mobile  devices?  Mark 
Lowenstein  of  Mobile  Ecosystem  and  Lucy  McQuilken  of  Intel  Capital 
square  off.  PAGE  35. 
The CEO’s sidekick

All  the  world's  a  stage  for  demo  guy  Jim  Grubb. 

BY  PHIL  HOCHMUTH 

Cisco CEO John Chambers often gets topical during his trade show keynotes. At a recent event, he spent several minutes outlining a litany of IT headaches facing the U.S. healthcare industry and, of course, some of Cisco’s high-tech aspirin.

“And now I’m going to ask Jim Grubb, my friend and business partner for many years, to come up here and show us, in less than 10 minutes, how all these technologies I’ve talked about today are going to solve all the problems in the healthcare industry

See  Grubb,  page  12 


Jim  Grubb,  Cisco's  chief  demo  officer,  on 
stage  with  John  Chambers,  right. 


August 1, 2005 ■ Volume 22, Number 30

Router flaw sparks battle

Cisco and critics spar over what constitutes responsible disclosure.

BY ELLEN MESSMER AND PHIL HOCHMUTH

LAS VEGAS — Researcher Michael Lynn quit his job at Internet Security Systems last week, then defied ISS and Cisco by revealing that unpatched Cisco routers can be hacked by a buffer-overflow exploit. Until then, corporate network managers were largely unaware of the risk.

Cisco and ISS had known for months. And it’s feared that hackers knew, too, as Chinese bulletin boards are said to have contained at least some knowledge of the vulnerability.


The confluence of events — all coming to a head last week at the Black Hat security conference — has reignited the long-smoldering debate over what constitutes responsible disclosure of security risks. Cisco insists that Lynn acted both irresponsibly and illegally, and obtained a court order barring him and show organizers from further disclosures.

“The actions against Mr. Lynn and Black Hat were not based on the fact that the flaw was identified, rather that they chose to address the issue outside of established industry practices and procedures for responsible disclosure,” Cisco said in a statement, adding what Lynn did “was not in the best interest of protecting the Internet.”

Future of firewalls, VoIP security, also draw attention at Black Hat. PAGE 14.

See  Black  Hat,  page  14 


Federal  mandate  to  boost  IPv6,  but . . . 


BY  CARA  GARRETSON 

The federal government’s mandated move to IPv6 over the next few years is expected to also spur demand for the upgraded protocol in portions of the private sector.

However, many enterprise network executives, with no equivalent of a government mandate to force adoption, will still need a good reason to make the switch, experts say.

The Office of Management and Budget (OMB) plans to set policy soon that will compel all federal agencies to upgrade their network backbones to IPv6 by 2008, with the expectation that upgrading applications and other components will follow. The OMB is charged with supervising the effectiveness of programs, policies and procedures set by agencies in the executive branch, among other things.

Johnson opines that IPv6's time has yet to come. PAGE 31.

The Department of Defense required its own upgrade to IPv6 by 2008 and is working with the protocol. But other federal agencies have little experience with or interest in IPv6, even though the protocol is 10 years old and touted by some

See IPv6, page 53
News

8  WLAN  vendors  make  summer  splash. 

10  Microsoft  offers  look  at  new  Vista. 

10 MCI boosts its SLAs.

10  Senator  files  bill  to  loosen  broadband  regulation. 

14  Black  Hat  event  highlights  RFID  and  VoIP. 

16  Avaya  bolsters  automated  voice  apps. 

17 Time change poses no Y2K replay.

17  Windows  x64  calls  for  32-bit  rewrites. 

53 Fujitsu software makes sense of enterprise information.


Net  Infrastructure 

19  Apps  acceleration  market  in  flux. 

19  Expand  Networks  adds  WAFS 
support. 

20  Kevin  Tolly:  Confusion  is 
essence  of  Cisco’s  AON. 


Enterprise  Computing 

23  PC  blades  get  clean  bill  of  health. 

26 Sun readies throughput computing push.

26  Forum  seeks  to  keep  grids 
safe. 


Application  Services 

27  Aspect  reaches  beyond  the  call 
center. 

27  A  closer  look  at  ITIL. 

30  Scott  Bradner:  Time  to  dump 
that  MasterCard? 

30  Cisco  nabs  software  firm. 

Service  Providers 

31 Merger of SBC and AT&T moving steadily through regulatory process.

31  Johna  Till  Johnson:  Despite 
federal  mandate,  time  still  isn't  right 
for  IPv6. 


COOLTOOLS 

The Disc Stakka CD & DVD Manager allows users to search for a disk by typing in keywords. Page 34.


Technology  Update 

33  ICE  helps  VoIP  traverse  firewalls. 

34  Steve  Blass:  Ask  Dr.  Internet. 

36  Mark  Gibbs:  More  syncing  and 
a  back-up  solution. 

36  Keith  Shaw:  Cool  tools,  gizmos 
and  other  neat  stuff. 

Opinions 

36  On  Technology:  Privacy  bill  calls 
for  sweeping  reform. 

37 Daniel Blum: Out of the crossfire, into deployment.

37  Frank  Dzubeck:  No  room  for 
complacency  in  net  management. 

54  BackSpin:  Stepping  in  front  of 
the  freight  train. 

54  'Net  Buzz:  WeatherBug  CTO  has 
a  message  for  network  managers. 


Management Strategies

48 Pay-as-you-go pricing picks up: As more vendors offer software as a service, be aware of potential pitfalls.


The  life  and  times  of  an 


Born in Taiwan, raised in California, ‘Chippy’ finds his true calling at McCarran Airport in Las Vegas.
Buyer's Guides

Our continuously updated Buyer's Guides offer detailed information on everything from blade servers and enterprise routers to collaboration platforms and instant messaging management. Drill down into a vendor’s offering or compare products side by side.

DocFinder:  8242 

Multimedia  Exchange 

Multimedia Editor Jason Meserve writes, "Podcasters that were taking advantage of the liberal bandwidth utilization policy over at Apple's .Mac hosting service are going to have to look elsewhere. Apple has now set limits on the monthly bandwidth a given account can use."

DocFinder:  8243 

Case  studies 

Learn best practices from your peers to make the most of technology, save money and streamline your business.

DocFinder:  8244 

A  Wider  Net 

If  you’ve  missed  any  of  our  weekly 
stories  that  go  beyond  the  speeds 
and  feeds  of  the  network  and  IT 
industries  —  such  as  a  look  at  the 
nation's  elite  science  and  technology 
high  school  or  stories  of  married 
net  pros  —  check  out  the  Wider 
Net  archive. 

DocFinder:  8245 


Online  help  and  advice 


Nutter's  Help  Desk 

Help Desk guru Ron Nutter aids a user who asks: “For the average home user, how safe is having a simple NAT box between your Internet connection and your PC or network?”

DocFinder: 8248

Small  Business  Tech 

Barracuda  boxes  spam. 

Columnist James Gaskin examines Barracuda Networks' appliance model for catching spam.

DocFinder:  8249 

Home  Base 

Sandra Gittlen looks for suggestions on how home-based business owners can best strike a balance between their personal and professional lives.

DocFinder:  8250 


Seminars  and  events  

Vortex2005 

This year, Vortex tackles the critical challenges facing CIOs, senior IT executives and their technology partners as both strive to deliver real value to their business, customers and shareholders. Join us in San Francisco this October for this once-a-year, agenda-setting event.

DocFinder:  8251 


BREAKING  NEWS 

Go online for breaking news every day. DocFinder: 1001


Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topics. 

DocFinder: 1002

What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and  resources 
online.  Simply  enter  the  four-digit  DocFinder  number  in 
the  search  box  on  the  home  page,  and  you’ll  jump  directly 
to  the  requested  information. 
SANS: 'Net vulnerabilities up 11%

■ The SANS Institute last week reported 422 new Internet security vulnerabilities discovered during the second quarter, an increase of nearly 11% from the first quarter. Weaknesses in popular back-up software highlighted the report (www.networkworld.com, DocFinder: 8257). Two back-up programs — one from Veritas, acquired last month by Symantec, and the other from Computer Associates — made the Institute’s list of top 20 new vulnerabilities for the quarter. Other new vulnerabilities were found in music-downloading programs iTunes from Apple and RealPlayer from RealNetworks. In both cases, flaws allow for bad playlists or music files to be downloaded that contain malware. Also on the list were Web browsers Internet Explorer and Firefox.


MICHAEL  SLOAN 


Microsoft  targets  high-end  users 

■ Microsoft plans to increase its investment in enterprise-class products with new high-end — and higher-priced — versions of Windows and Office that the company plans to release in the next several years, CEO Steve Ballmer said last week at the company’s annual Financial Analyst Meeting in Redmond, Wash. He said Microsoft will offer an enterprise version of Vista (see related story, page 10), the next edition of Windows, plus a new version of its productivity suite, Office Premium, aimed at better serving enterprise markets. Microsoft also plans an Office Server product with a new premium client-access license that will include system management, security and e-mail offerings for high-end customers, Ballmer said. He also said Microsoft plans server and tools offerings for the high-end technical computing market, which he acknowledged is “mostly a Linux world today.”

CA to cut 5% of workforce

■ Computer Associates plans to cut 800 positions worldwide, about 5% of its workforce, in a restructuring effort aimed at saving $75 million annually. CA will finish most of the worldwide layoffs by year-end, the company said.

The move echoes a similar announcement in September, when CA initially cut 800 jobs to reduce its operating costs. The Islandia, N.Y., company finished its fiscal 2005, which ended in March, with 15,300 employees — the same number it had a year earlier, despite its September restructuring. The job cuts were offset by the 400 employees CA gained in its October purchase of Netegrity and by the 350 additional employees CA hired in India.

COMPENDIUM

Blog explosion

Dave Sifry, the guy behind the Technorati blog search engine, last week posted some stats: “Technorati is now indexing over 14 million blogs, with about 80,000 new blogs created every day. That’s about a new blog created every second! And there’s about 900,000 new posts every day, which means about 37,500 posts per hour that we’re indexing.” Find out more at www.networkworld.com, DocFinder: 8256.

“Based on our discussions, both companies felt that it was premature to present this research at this time.”

Cisco spokesman explaining the decision to scuttle an Internet Security Systems presentation on how to hack IOS router software. The scheduled presenter quit his ISS job and delivered a version of the address anyway.

Sun  to  lay  off  1,000  employees 

■ Sun expects to lay off about 1,000 employees at a cost of about $100 million as part of the company’s ongoing cost-cutting strategy, the company said last week. There was no word from Sun where in its operations the job cuts ax is likely to fall. Sun last announced significant job cuts in April 2004, when it began to lay off 3,300 staff. The company increased that job cut number to 3,500 last October. Sun employs about 35,000 people, according to its Web site.

Telco snaps up Integral Access

■ Telco Systems, a provider of transport and access systems for IP and TDM networks, last week announced the acquisition of privately held Integral Access, a developer of IP-based multi-service access platforms for converged voice and data. The acquisition will enable Telco Systems to offer service providers an integrated access system designed to migrate carriers from TDM-based services to IP/MPLS-based voice and data services. Integral’s PurePacket system supports softswitch VoIP infrastructures and legacy Class 5 switches, and can be deployed in central offices and multi-tenant units, and on customer premises.

Terms of the acquisition were not disclosed. Integral, which has accumulated $113 million in venture funding since its inception in 1996, is based in Chelmsford, Mass. Telco Systems, a wholly owned subsidiary of BATM Advanced Communications of Israel, is headquartered in Foxboro, Mass.

TheGoodTheBadTheUgly

In the money. Three of the 10 largest venture-capital investments made during the second quarter were in network or telecom companies, continuing the renewed interest among venture capitalists in funding a sector that has lagged dramatically in the last few years. The big winner among network companies was VoIP service provider Vonage, which attracted $200 million in its sixth financing round to date, according to the MoneyTree Report, a quarterly survey performed by PricewaterhouseCoopers, Thomson Venture Economics and the National Venture Capital Association.

Customer service traffic jam. Despite all the money and time that has been put into installing CRM and other such technologies in recent years, poor customer service is the main reason people switch from one service provider to another, according to a survey of 2,000 consumers in the U.S. and the U.K. by consulting firm Accenture. When asked to describe the typical customer service experience, 54% likened it to driving in slow city traffic and having to take many alternate routes to the intended destination.

Russian spammer killed. Russian news outlets last week reported that the country's most notorious spammer was found murdered in his apartment. The 35-year-old man headed a group of English-learning organizations known for their aggressive Internet advertising tactics. Spamming is not illegal in Russia, according to news outlet MosNews. It is not known yet what if any role the victim's spamming activities played in the killing.

Teens  and  screens 

■  Researchers  at  the  Pew  Internet  &  American  Life 
Project  say  nine  out  of  10  kids  ages  12  through  17  are 
online,  up  from  about  75%  in  2000.  Comparatively,  the 
study  says  66%  of  adults  use  the  ’Net. The  study  found 
about  half  of  teens  who  have  online  access  go  on  the 
Internet  daily,  up  from  42%  in  2000. Three-quarters  of 
teens  surveyed  use  instant  messaging,  compared 
with  42%  of  online  adults.  About  half  of  the  teens 
have  broadband.  Pew  contacted  1,100  teens  by 
phone  for  the  survey. 


WLAN vendors make summer splash


BY  JOHN  COX 

Most  of  the  news  coming  out  of 
the  wireless  LAN  industry  this 
summer  has  been  of  the  product 
enhancement  variety,  but  this 
week’s  debut  of  start-up  Bountiful 
WiFi  is  an  exception. 

The year-old company’s first product is an 802.11b/g router that the company says can deliver two to four times the range of conventional devices. The Bountiful Router combines an access point with a four-port Ethernet switch; a WAN port; and a battery of security options, including Wi-Fi Protected Access with 802.1X and RADIUS authentication.

One key differentiator is an FCC-certified 2.4-GHz 802.11b/g radio running at 840 milliwatts. That compares with a maximum of 80 milliwatts for many rival products. Secondly, the radio, based on an Atheros chipset, uses a group of algorithms, software code and discrete radio frequency filtering components to create a clean, consistent and powerful signal.

A conventional 802.11b/g access point is generally considered to have a range of about 300 feet, though the data rate might be 1M bit/sec at that distance. Bountiful’s router can reach 1,200 feet, according to company founder and CEO David Egbert. Citing “unscientific tests,” he says the router has maintained an 802.11g data rate of 48M bit/sec at 600 feet.

The  Bountiful  Router  costs  $625. 

Symbol,  Cisco  and  more 

In other wireless news, Symbol Technologies has released a 54M bit/sec 802.11g bridge that can be plugged into by Ethernet devices that can’t be fitted with a WLAN adapter, such as point-of-sale terminals, medical equipment, time clocks, scales and printers. The new CB3000 Client Bridge then becomes, in effect, a wireless network interface card, making a connection to the nearest access point.

Symbol's 54M bit/sec CB3000 Client Bridge links client devices that lack PC card or PCI slots to wireless LAN access points. Shown connected to the bridge here is an IBM point-of-sale terminal.

The  CB3000  can  support  up  to 
16  Ethernet  devices  through  a 
separate  hub,  which  would  plug 
into  the  bridge’s  port. 

An  earlier  model,  released  in 
2001,  used  only  an  11M  bit/sec 
802.11b  radio,  supported  up  to 
eight  clients,  and  lacked  the 
newer  security  standards. 

The  price  of  the  CB3000  is  $285. 

BellSouth software to safeguard DSL users

BY JIM DUFFY

BellSouth last week unveiled Internet security software for small-business and residential DSL users.

The company’s Internet Security offerings consist of three products. One is designed to keep viruses, worms and Trojans off customers’ computers. Another detects and removes more than 60,000 spyware invasions. Also offered is firewall software to inhibit hacking and intrusion.

BellSouth FastAccess DSL customers can order individual software products for $2.99 per month, or all three for $6.99 per month. For customers with two to four computers, individual products are $4.99 per month, or $11.99 per month for the entire suite.

Business customers with up to 10 computers can purchase individual products for $12.99 per month, or the entire suite for $24.99 per month. ■

Separately, Cisco announced it is now shipping a new high-end WLAN controller, the Cisco 4400. It’s the first WLAN controller jointly developed by engineers from Cisco and its recent acquisition, Airespace.

The model 4402 has two Gigabit Ethernet ports and works with 12, 25 or 50 lightweight access points. The 4402 controller starts at $9,995, for up to 12 Cisco 1000 Series access points.

The model 4404 has four Gigabit Ethernet ports, and works with as many as 100 access points. It’s priced at $35,000. Both can be fitted with an optional redundant power supply.

Cisco plans to introduce a modular version in the fall that includes Airespace-developed code and slots into the Catalyst 6500 LAN switch.

Also new is software from Meru Networks to improve wireless VoIP calls on the company’s WLAN controllers and thin access points. The Meru Voice Service Pak is an optional program with three new voice features, aimed at dense enterprise deployments of WLAN phones.

First, you now can limit the number of WLAN phones that connect to a given access point to preserve call quality. Calls over that number can be shunted to another access point or get a busy signal.

Second, the software for the first time automatically will balance call traffic among available access points. The software also can do dynamic error correction, so speakers won’t experience gaps or noises from packet loss.

The Voice Service Pak is priced starting at $20 per voice client.

New software also is on the way from NetMotion. The company this week plans to launch Version 6.5 of its Mobility XE software, which provides a VPN for mobile users on WLANs and cellular networks. The release includes code that detects images in an HTTP stream to a client device, and then compresses them to speed the download. The degree of compression can be set at the administrator’s screen.

Another change is increasing the options and actions that can be set through the Policy Management Module. For example, the image-acceleration level can be set based on variables such as the version of the client device or operating system, or both.

Pricing is unchanged, starting at $15,000 for 100 users, with the Policy Management Module priced at $6,500. ■


Correction 


■  In  the  chart  appearing  with  the 
story  “Can’t  get  no  satisfaction” 
(July  25,  page  46),  the  factor  of 
autonomy  in  the  satisfaction  list 
should  have  been  labeled  as  No.  6 
in  the  list. 


Start-up  to  index  e-mail, 
other  unstructured  content 


The  Index  Engines  Appliance  sits  between  the  back-up  disk  or  tape  and  the 
SAN  to  index  Exchange,  Word  and  PDF  files  as  they  are  backed  up. 


BY  DENI  CONNOR 

A new company started by a pair of storage industry veterans last week announced it is readying an appliance that indexes e-mail and other unstructured information so it can be searched and recovered more quickly.

Index Engines is addressing the growing amount of data stored on computer networks and the need to have a good system for accessing data under new regulatory guidelines.

The Enterprise Strategy Group estimates that as much as 80% of the data on the network is unstructured and Gartner says this will increase from nearly 4 million terabytes today to as much as 15.2 million terabytes in 2009.

The Index Engines Appliance sits on a network between the back-up disk or tape and the storage-area network, where it inspects and indexes Microsoft Exchange, Word and PDF files as they are backed up.

“As you back up every night, data flows through our appliance, which indexes it at the speed of the backup,” says CEO Tim Williams, who started Index Engines along with CTO Gordon Harris in 2003. They co-founded a storage company called CrosStor in 1990, which they sold to EMC 10 years later.

According to Index Engines, its appliance can process e-mails and attachments at a rate of 3.5 million words per second. The box will support as many as 500 simultaneous user queries per second, the company says. One model is designed to index as many as 4 million files, the other 16 million. Appliances can be clustered to achieve higher scalability.

The Index Engines Appliance differs from e-mail archiving software from EMC and Symantec in that it only indexes files and e-mails and doesn’t process rules and policies that govern where the data is stored. Unlike those vendors with integrated policy-based software, Index Engines supplies APIs to let customers build rules-based processes if they need them.

The appliance works with IBM’s Tivoli Storage Manager, Symantec’s Veritas NetBackup and EMC’s Legato Networker back-up software. Bundled with the Exchange e-mail module, the appliances start at $40,000 and will be available in September. ■




10  •  www.networkworld.com  •  8.1.05 


Microsoft  offers 
look  at  new  Vista 

BY  TIM  GREENE 

Corporate  developers  eyeing  Microsoft’s  upcoming  Vista  operating 
system  should  test  it  against  their  current  applications  before  making 
any  deployment  decisions,  experts  say. 

Microsoft last week released a beta version of Vista to 20,000
corporate and commercial software developers.

The best thing corporate application developers can do is check
whether their current applications actually work on Vista, says Michael
Cherry, lead analyst for Windows at Directions on Microsoft. While in
theory they should, it’s important to check the basics. “The question you
want to answer is, ‘Does it run still?’” Cherry says.

If not, potential users will want to consider the cost of tinkering with
applications so they will run on Vista, says Peter O’Kelly, a senior analyst
with Burton Group. While it’s relatively efficient to re-image software on
a PC remotely, it can be time consuming and costly to retool individual
applications. “You don’t want to touch every desktop,” O’Kelly says.

Developers also should examine new APIs for graphics and Web
services that Microsoft says make development easier. Cherry says
developers should assess whether it is worthwhile to use the APIs, called
Windows Presentation Foundation (formerly Avalon) for graphics and
Communications Foundation (formerly Indigo) for Web services.

“You might have to do some coding changes to your applications
and evaluate whether it’s worth the effort,” he says. If extensive
rewriting is needed, it might be better to stick with the current operating
system or push Microsoft to alter its code, he adds.

Potential users also might want to compare the software on PCs with
more and less processing power, O’Kelly says. For example,
Presentation Foundation will work on PCs that currently run Windows XP, but
some of Vista’s new graphic effects might not come through without
more powerful processors. “It works better on leading-edge hardware,”
he says.

Otherwise,  the  quality  of  the  new  effects  will  be  reduced  somewhat. 
“If  you  have  a  PC  that  was  created  in  the  last  couple  of  years,  you  don’t 
have  to  worry  about  it,”  he  says. 

Vista also includes a security change that defaults to give new users
no more privileges than necessary. Current Windows platforms lump
new users in administrative groups, but Vista will cut that back to
minimal privileges unless more are specifically granted. “This is well
established, good security practice,” Cherry says. Again, potential users
should test whether the new security feature gets in the way of
business goals. “You want to make sure that with this implementation your
application is still working.”

The beta doesn’t include planned changes to the look of Vista
compared with XP, O’Kelly says. These changes will give Microsoft a more
Mac-like look and feel. For example, some windows will appear to be
translucent, so users can see what’s behind them.

“It’s the same kind of eye candy MacOS has had for a while,” he says.
And Vista will support virtual items — the ability to have a file appear
in multiple folders even though there is just one instance of the file
stored on the PC. This is something Lotus Notes and Microsoft Outlook
already can do.

Vista’s release is scheduled for next year. “The vast majority of
enterprises are going to wait until the first service pack,” O’Kelly says.

Microsoft should hope more customers upgrade to Vista than the
15% that upgraded to Office 2003. “If it’s like that for Vista, it’s going to
be a long decade for Microsoft,” he says. ■

Changes to the Windows kernel mean that some software might
need to be rewritten for the 64-bit version, angering some users.

See  story  page  17. 


MCI  boosts  its  SLAs 


BY  DENISE  PAPPALARDO 

MCI  is  improving  its  Managed 
LAN  service-level  agreements  by 
offering  customers  better  repair 
time  and  availability  guarantees. 

The carrier says it guarantees it
will repair a Managed LAN service
outage within 3½ hours in the U.S.
Previously, MCI offered customers
a four-hour repair guarantee.

“MCI’s SLAs are unique because
all of the SLAs are generally
available,” says Melanie Posey, an
analyst at IDC. “A lot of other service
providers offer these types of
guarantees, but more on a
case-by-case basis.”

Earlier  this  year,  MCI 
announced  similar  SLAs  for  its 
Managed  WAN  services. 
Customers  using  MCI  for  both 
Managed  LAN  and  WAN  services 
have  a  single  consistent  SLA 
across  both  network  services, 
says  John  Schultz,  senior  director 
of  managed  network  services  at 
the  carrier. 

“It’s a competitive differentiator
that MCI is offering [time-to-repair]
guarantees for both its
Managed LAN and WAN services,”
Posey says.

For customers with LANs in 21
countries outside the U.S., MCI
guarantees it will repair outages
within four hours. The countries
covered by this SLA include
Australia, Austria, Belgium,
Canada, Denmark, Finland,
France, Germany, Hong Kong,
Ireland, Italy, Japan, Luxembourg,
Netherlands, Norway, Singapore,
South Korea, Spain, Sweden,
Switzerland and the U.K.

Higher-level service

Here’s a look at the old and new service-level agreements for
MCI’s Managed LAN service customers.

Guarantee                                        Old                              New
Time to repair in U.S.                           Mean time to repair of 4 hours   3.5 hours
Time to repair in select global areas            Mean time to repair of 5 hours   4 hours
Time to repair in all other parts of the world   Mean time to repair of 8 hours   6 hours
LAN switch availability                          No previous SLA                  99.5% for workgroup and 99.95% for core switches
Change management                                72 hours                         24 hours

Customers  with  Managed  LAN 
services  in  other  parts  of  the 
world  receive  a  six-hour  time-to- 
repair  guarantee. 

MCI also has added performance
guarantees for LAN device
availability for workgroup
and core LAN devices. For the
first time, MCI says it guarantees at
least 99.5% availability for all
workgroup LAN switches and
99.95% for all core LAN devices.

The service provider offers a
guarantee for customers with
third-party maintenance contracts.
For example, if a customer
has a maintenance contract with
Cisco, MCI is essentially backing
up that agreement with a six-hour
time-to-repair guarantee.

It’s the first time that MCI has
offered device-availability and
third-party time-to-repair guarantees
for its Managed LAN service
customers.

The improved SLAs are available
to all new Managed LAN service
customers. The SLAs do not
automatically apply to current
customers, although they can add
the SLAs to their contract during
its next renewal period. ■


Bill  to  update  Telecom  Act 


BY  JIM  DUFFY 

A U.S. senator last week introduced legislation that
some say is a first step in reworking the
Telecommunications Act of 1996.

Sen. John Ensign (R-Nev.) submitted the Broadband
Consumer Choice Act of 2005, a bill that seeks
to ease regulation on service providers as they invest
in IP-enabled broadband services such as IPTV.
Carriers are looking to offer high-speed, IP-based
video services such as IPTV in an effort to better
compete with cable companies offering VoIP services.
Telcos and cable providers are on a collision
course as they look to control the converged
services — voice, video and data — access pipe into
homes and businesses.

Supporters say the Ensign bill is the first significant
update to U.S. telecom law since the 1996 Telecom
Act, which sought to open incumbent networks to
competitors. Some lawmakers are considering
rewriting or even dismissing the 1996 bill as
communications technology advances and voice, video
and data convergence takes hold.

“The Ensign proposal would bring telecommunications
law up to date so that consumers can make
their own decisions in the marketplace free of the
heavy hand of government,” said Herschel Abbott,
BellSouth vice president of Governmental Affairs, in
a statement. “It will speed the deployment of
competitive video services and provide, at last, vibrant
competition in video.”

“We commend Senator Ensign for crafting legislation
that seeks to promote competition and innovation
and treats like services alike,” said Kyle McSlarrow,
president and CEO of the National Cable
and Telecommunications Association. “While there
are specific provisions we would want to work on
with Senator Ensign, this is an important and
constructive step forward.”

Key aspects of the bill are:

• The elimination of the requirement that video service
providers obtain a cable franchise agreement to
provide video service.

• Establishment of federal consumer protection
standards to ensure timely and quality carrier
service.

• Assured consumer access to Internet-based
phone service.

Ensign is seeking support for his bill from other
lawmakers. He gave no timetable for passage or moving
the bill forward. ■
Grubb

continued  from  page  1 

Everyone’s  had  a  demanding 
boss  at  some  point  —  but  c’mon. 

Anyone who has seen
Chambers speak a few times
knows the routine: part
state-of-the-industry address, part sales
pitch, part revival meeting. And
then there’s the product demo.
This is what Grubb, Cisco’s chief
demonstration officer, has handled
for the past eight years, at
as many as 60 events per year.

Much of the schtick involves
Grubb showing off new technology
while Chambers comments
and makes gibes:

Are  you  nervous,  Jim?  You 
seem  a  little  tense. 

This  must  not  fail,  Jim,  because 
that’ll  be  embarrassing  for  me 
and  you. 

It’s  OK  if  you  mess  up  . . .  I’ll  just 
fire  you. 

Grubb, 43, always appearing on
cue with an “oh, gosh, me?”
smile, fills the stage with his
physical presence and contagious
laugh. He says the jokes
and big-bad-boss warnings are
all part of the act.

Setting the scene

The demos usually involve
Chambers and Grubb acting out
a real-life scenario — a doctor’s
office, a retail store, a construction
site — where Cisco technology
is featured.

“We write jokes and certain
lines,” Grubb says. “But we don’t
hard-script most of it.”

Grubb has demoed Cisco technology
all over the world.
Audiences have included Mikhail
Gorbachev, former leader of the
Soviet Union; former Secretary of
State Madeleine Albright; President
Vicente Fox of Mexico; and
former Vice President Al Gore.

But Grubb doesn’t know much
about stage fright. He studied
music at the University of
Massachusetts at Lowell, concentrating
on voice performance,
and took part in community theater
for many years.

Tinkering and invention are
also part of Grubb’s background:
his granduncle invented
the lock boxes that real
estate agents use to store house
keys in homes, and his mother
ran the family business, selling
the devices part time when she
wasn’t teaching school. She
purchased a Northstar Horizon
PC, which Grubb used to teach
himself programming, when he
wasn’t fooling around with his
ham radio set.

After leaving college to start his
own computer company, Grubb
ended up working at Digital
Equipment Corp., working his
way up from order processing to
systems engineering, giving product
demos on sales calls. During
a visit to the U.S. Postal Service, a
major Digital account in the late
1980s, he discovered it was using
routers “from this little company
called Cisco” to tie together its
VAX network.

This led Grubb to the West
Coast and a consulting engineering
job at Cisco. Eventually, he
moved up to manage some
product lines. In 1996, he did his
first demo with Chambers: an IP
video demonstration “that was
incredibly complex, with a rotating
stage, all these plasma
screens — it was ridiculous, but
we pulled it off.”

After  that,  he  got  a  call  from 
the  CEO’s  office. 

“It wasn’t a direct invite,” Grubb
says, “because business units are
not supposed to poach people
from inside the company. They
asked if I knew anyone who
might be able to help John give
demos and presentations.” Grubb
says it took him a few days to
realize what they were asking.
Since then he’s been on the
road with Chambers.

“Some  things  are  the  same,  like 
the  hotels  and  the  steam-tray 
food,  but  everything  else  is 
always  different,”  Grubb  says. 


“Following  John  around  the 
world  has  been  like  getting  an 
MBA;  I’m  like  a  fly  on  the  wall  in 
so  many  customer  meetings. . . . 
And  it’s  just  a  lot  of  fun.  I  get  to 
play  with  all  the  toys.” 

Close  calls 

Having access to the latest network
technology — the toys —
is not all fun and games. Grubb
says he works constantly with
his staff to boil down complex
network technology into an
understandable 15-minute presentation,
often working with
gear fresh from Cisco’s labs. And
as any network pro knows,
Murphy’s Law and Moore’s Law
often clash.

Recalling some of his closest
calls, Grubb describes a wireless
technology demo he devised
two years ago for an audience of
CEOs at a high-tech summit held
at a tony Pawleys Island, S.C.,
resort, “where the steam-tray
food was actually good.”

The demo showed how RFID
and 802.11 gear could interact.
“We set that whole network up,
and we rehearsed. Then the next
day it just stopped working,”
Grubb says. After hours of
troubleshooting, he was about to
give up. But the next morning, on
demo day, it all came back to
life.

The only explanation had to
do with the King of Jordan, who
was in the audience, Grubb says.
The entire hotel was under
heavy security and surveillance,
“and we thought the FBI was
using some sort of ultrawideband
communication devices,
because you can’t use a radio
scanner to listen in to those
things,” he says. The G-men’s
high-powered wireless gear
drowned out Grubb’s lower-powered
802.11 and RFID demo, the
theory goes.

But onstage flubs are rare.
Grubb’s discipline is fault tolerance
and security.

“We put a lot of effort into
making sure things don’t break,”
he says.

Grubb and his staff create an
entirely closed LAN for their network
demos, separate from the
convention center or hotel facilities
hosting the event. PCs and
servers are required to have a
back-up machine that can
instantly take over in case of a
lockup. Load balancers and
redundant links are standard.

He  learned  many  of  these 
lessons  the  hard  way,  of  course. 

Cisco officials were at a ritzy
golf-centric executive event in
Spanish Bay, Calif., where Grubb
and Chambers demonstrated
VoIP technology. Chambers,
holding a digital phone set, was
to connect to Grubb, who was
using VoIP. “When John picked up
the phone, there was no dial
tone — PacBell had just come
in and disabled that extension
on the hotel’s PBX,” Grubb says.

Grubb now takes his own mini
PBX on the road when demonstrating
interoperability between
VoIP and TDM networks.

Nothing’s doctored

As for the Cisco gear that takes
center stage in these demos,
Grubb says, “We do some hardening
of things,” in order to
ensure the box on display runs
smoothly for the audience. But
he insists the gear is not doctored,
dressed up or dumbed
down for show.

“We don’t do anything to the
products a customer can’t do in
real life,” he says.

Even with his unique background
in stage performance
and networking, Grubb says
there’s always stress.

“There’s plenty of it,” he says.
“You’re working at odd hours, just
like any network professional.”

Grubb and his staff sometimes
have only a few days, or even a
few hours, to set up a demo.
Chambers sometimes does not
know the demo’s content until
the day it occurs.

“The closest John has ever
come to getting angry with me
was an event in Japan,” Grubb
says, where he and Chambers
were again demonstrating that
tricky VoIP technology.
Chambers was talking into an
IP phone, linked to the public
address system. The PA system
worked, but Chambers couldn’t
hear his own voice on the
handset. Grubb recalls
Chambers being frustrated,
thinking that the demo made
the technology look rigged.

“I was trying to convince him
that we can hear him through
the PA,” Grubb says. After a brief
back-and-forth, Grubb recalls
Chambers saying, “Jim ... let me
make a suggestion” — to use
another handset.

“Sometimes I have to remember
that it’s his show, not mine,”
Grubb says.

Those  who  have  seen  Grubb  in 
action  say  they  look  forward  to 
the  demo  portion  of  a  Cisco 
event. 

“The way he does presentations,
with his timing and humor,
he really pulls them off well —
better than most people I’ve
seen,” says Jim Wilson, network
services manager for
Henderson, Nev. Wilson has
watched Grubb at the last five
Cisco Networkers customer
events. “He does steal the show
[from Chambers] sometimes.”

“Some CEOs can have a large
ego; they can be demanding,”
Wilson says. “To be up there like
[Grubb] is, in front of thousands
of people and your boss, and to
know that everyone’s watching if
you screw up — it looks like a
tough job.”

At the most recent Networkers
Show, over a lunch of steam-tray
chicken and vegetables, Grubb
denied having the toughest job
in networking.

“I wouldn’t say it’s the easiest
either,” he says. “The nice thing is
that John trusts me and my staff
enough to let us go off and build
these things, so he can worry
about running the company.” ■
“If you have a flaw brought to light, I
don’t think Cisco should have a problem
sharing that flaw . . . as opposed to
trying to hush up the person who
exposed the flaw.”

Joe  Moore,  director  of  IT  for  Arizona's  auditor  general’s  office 


Black  Hat 

continued  from  page  1 

Lynn maintains that he acted
properly, a position that garnered
backing from security experts
and conference attendees.

“I think I did the right thing,” he
says. “I didn’t disclose any vulnerabilities
that were new. The important
thing is that vulnerabilities
can be seriously exploited.” The
fact that Cisco source code was
stolen last year makes the chances
of an exploit more likely and that
heightened risk demanded early
disclosure, Lynn says.

That sentiment was widely held
last week.

“Cisco should have told us earlier
about this because it clearly
makes patching a high priority
that has to be done,” said Joseph
Klein, senior security analyst at
Honeywell Technology Solutions.

The shellcode flaw and Cisco’s
reaction to it are “definitely a
source of concern,” said Joe
Moore, director of IT for the state
of Arizona, auditor general’s
office. “There is a lot hanging on
what kind of equipment you have
facing the public network. ... If
you have a flaw brought to light, I
don’t think Cisco should have a
problem sharing that flaw, especially
if it’s already been taken
care of, like Cisco says it has . . . as
opposed to trying to hush up the
person who exposed the flaw.”


John Parsons, manager of global
telecommunications and networks
at Kodak, says the company’s
router engineers keep its
Cisco equipment current with updated
patches. Parsons expressed
some sympathy for Cisco’s position
in going after Lynn. “Maybe
Cisco wanted to make sure they
had the proper patches or workarounds
ready for this, which I
think is reasonable,” he says.

On Friday Cisco was to have
posted a security advisory related
to the issue of remote exploits of
Cisco routers at www.cisco.com/go/psirt.

ISS and Cisco had planned to
have Lynn talk about this new
type of potentially devastating
buffer-overflow attack against
unpatched routers, but canceled
at the last minute, saying more
research was needed.

However, Lynn broke ranks, defiantly
speaking out on the subject
for what he says were reasons of
national security.

He was promptly sued by ISS
and Cisco, which claimed his
actions were illegal. Lynn acknowledged
in a settlement reached
Thursday that he had broken confidentiality
agreements and by
week’s end he and his lawyer
were delivering sensitive materials
and software related to the router
exploit into the hands of Cisco
lawyers.

In addition to Lynn, Cisco sued
the Black Hat conference and
launched a bizarre late-night
purging campaign that had a
team from Cisco physically cutting
15 pages of sensitive information
about the exploit out of the
conference proceedings and
destroying conference CDs.

Talk of the confrontation dominated
the conference (read
columnist Mark Gibbs’ take on
Lynn’s outburst, page 54). Security
researchers expressed concern
that what happened to Lynn will
result in chilling security research
that sometimes simply involves
sharing ideas.

Johnny Long, penetration tester
at Computer Science Corp., presented
a live demonstration on
how to use advanced search
capabilities in Google as a hacking
tool to uncover sensitive
information inside corporate
networks. He noted that Google
is taking such information to
heart by quietly beginning to
block some search attempts,
which he called a step in the
right direction.

“Actually I’m not being sued by
Google,” Long joked, but said the
furor over the Cisco router exploit
is leaving a huge impression on
researchers who might become
more cautious about discussing
problems they uncover.

In one of its legal filings against
Lynn last week, Cisco claimed the
method of reverse engineering
that he used to uncover the
buffer-overflow exploit is illegal — a
contention that drew skepticism
from some experts.

“As long as reverse engineering
is for research purposes, and no
one is trying to make money off it,
it’s not illegal,” said Marc Maiffret,
co-founder and chief hacking officer
at eEye Digital Security, a vulnerability
and research and security
vendor.

Legal issues aside, Cisco’s moves
against Lynn send the wrong message
to the security community,
Maiffret said. “Security researchers
aren’t going to make the
stuff public if Cisco is just going to
come back at them with legal
action.”

Frank Dzubeck, president of
Communications Network Architects,
said he doubts that an attack
based on an IOS flaw would
cause widespread damage to the
Internet because products from
Cisco’s rival Juniper have a large
presence in carrier backbone
networks.

But  vendors  do  need  to  be 
watched  by  other  vendors,  he 
added. 

“It’s a good thing to have
watchdogs in this business and I
think Cisco has an issue with
being watched,” Dzubeck said.
“Microsoft has gotten used to
this. They actually rely on other
people to tell them what it’s
doing wrong, and they’re confident
in those people. In Cisco’s
case, they’re still saying that we
know what we’re doing better
than anyone else because we
created it and we own it.” ■
Wild week at security conference

Controversy erupts at Black Hat over disclosure of Cisco router vulnerabilities.

Monday

• Cisco, ISS tell show organizers to cancel router
security presentation.

• Cisco employees use razorblades to cut 15 pages
from 2,500 documents; also destroy show CDs.

Tuesday

• Word spreads about cancellation,
along with rumor of involvement by
Department of Homeland Security.

Wednesday

• Cisco, ISS separately field press questions about cancellation; deny government
pressure.

• ISS researcher Michael Lynn quits job before demonstrating what he said
are ways to launch a buffer-overflow attack against unpatched Cisco routers.

• Cisco, ISS acquire court injunction against Lynn and conference organizers.

Thursday

• Parties reach settlement whereby Lynn agrees
to reveal no more details.

• Lynn tells reporters he "did the right thing."

Friday

• Cisco was expected to
post a security advisory
at www.cisco.com/go/psirt.


Black  Hat  event  highlights  RFID 
and  VoIP  security  threats 


Conference  attendees 
also  get  a  lesson  in 
de-perimeterization. 

BY  ELLEN  MESSMER 

LAS VEGAS — The Black Hat conference — an
annual event where security professionals get in
touch with their inner hacker and vice versa — has
for nine years been a stage for detailing new security
exploits and sharing visions of the future.

News last week was dominated by the saga of
security researcher Michael Lynn, who defied his
employer Internet Security Systems by delivering a
forbidden presentation on hacking unpatched Cisco
routers — and was subsequently sued by ISS and
Cisco. But Black Hat had much more, including:

• Phil Zimmermann, the fabled inventor of Pretty
Good Privacy (PGP) encryption for e-mail, unveiled
plans to bring encryption to VoIP phones.

• The Jericho Forum, a group of multinational
corporations that want to better secure e-commerce by
pushing security controls further into networks and
away from the perimeter, showcased technologies
it said represent that vision.

• Throughout the conference, security experts
showed how easy it could be to disrupt wireless
networks or pillage data repositories.

Among the darker demonstrations, Kevin Mahaffey,
director of development at Flexilis, operated a
radio-based voltage-controlled oscillator that acted as a
disrupter that could shoot a frequency beam at an
RFID reader. As it emitted a shrill whine, the RFID
disrupter jammed the reader or eliminated a comprehensive
reading of RFID tags, which in actual use
could play havoc with supply-chain operations
using the tags.

“This can take away the ability to read tags
reliably,” Mahaffey said. He added that there also are
ways to sniff RFID tags, clone the information and

See  Conference,  page  16 
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Avaya  bolsters  automated  voice  apps 

New  software  designed  to  help  integrate  voice  recognition,  Web  programs  and  databases. 


BY  TIM  GREENE 

Avaya  this  week  is  announcing 
two  software  platforms  to  create 
and  execute  applications  that 
answer  phones  and  respond  to 
spoken  words  to  deliver  informa¬ 
tion  sought  by  callers. 

The  Call  Portal  and  Dialog 
Designer  software  works  with 
PBXs  and  peripheral  speech-pro¬ 
cessing  programs,  as  well  as  with 
business  databases  to  support 


Conference 

continued  from  page  14 

commit fraud by wrongly tagging goods. Use of public-key encryption would likely be the best way to counter or identify these types of threats, but this is still rare in the RFID world.

Experts on the panel suggested that although the threat appears minor at this point, it is a cause for concern.

Paul Simmonds, chief information security officer at chemical and paints manufacturer ICI in the U.K., said corporations in retailing and the grocery industry use RFID tags to speed delivery of goods so they don’t have to unpack them to identify them.

But as a maker of a premium line of house paints, ICI would be concerned if its goods were fraudulently marked down in a two-for-one sale through some form of RFID spoofing. “People can get away with theft with this,” Simmonds said.

As the session turned to the subject of government use of RFID tags in passports — which the U.S. has said it intends to implement — the panelists expressed reservations that sufficient security controls might not be in place to prevent identity theft.


custom call applications. The company plans to announce them at the SpeechTek show in New York.

Call Portal could control the call flow of an application that checks the incoming caller ID, answers the phone with a greeting that uses the name of a person associated with that ID, authenticates the caller’s voice against a voice-print
database,  retrieves  the  informa- 


“Do I want to walk around Baghdad and be identified as a Brit or American?” Simmonds said. “Someone could embed it in an interesting technology, like a land mine.”

Simmonds, a Jericho Forum member, also spoke at Black Hat on the idea of “de-perimeterization.” This alludes to a process of gradually moving away from the use of perimeter defenses — mainly firewalls — for use of security controls such as authentication and VPN, to methods that bring controls closer to actual data sources and make it easier to offer access to e-commerce partners and restrict data access.

The Jericho Forum a few months ago announced it would hold a contest inviting participants to submit papers identifying methods, technologies or concepts that satisfy the frameworks the forum laid out in its own white paper.

The Jericho Forum’s judges selected three finalists (see graphic). The top winner was AppGate, with a paper that defines how companies that want to move to a de-perimeterized world could focus on controlled access to systems. Security vendor nCipher came in second
with  its  own  reference  architec¬ 
ture.  And  a  Jericho  Forum  mem- 


tion  the  caller  requests  and  then 
performs  a  transaction  as  directed 
by  the  caller. 

To do all this, Call Portal communicates with Web servers and databases via media resource control protocol (MRSP), a standard that makes the software more flexible than platforms that use proprietary interfaces, says Elizabeth Herrell, vice president
of  Forrester  Research.  Compet- 


De-perimeterization 
contest  winners 

Jericho  Forum  sought 
entries  that  best  reflected 
the  vision  of  moving 
security  controls  away 
from  the  network 
perimeter  and  more 
deeply  into  the  intranet. 

First place: AppGate, paper describing internal points of authentication and control.

Second place: nCipher, academic analysis called “Safety in a de-perimeterized world.”

Third place: German investment bank DKW for theoretical paper “Blind Public Key,” a concept for certificate-based credentials undergoing internal testing.


ber,  German  firm  Dresdner  Klein- 
wort  Wasserstein,  placed  third 
with a discussion of innovations associated with public-key credentials that it is testing.

The  papers  can  be  read  at 
www.jerichoforum.org. 

Beyond  PGP 

Among other notable visions of the future heard at Black Hat was one by Zimmermann, who invented PGP encryption for commercial use while sparring with the U.S. government in the 1990s for the right of the citizenry to use strong encryption. Before a packed audience, Zimmermann, now a consultant, announced that his next big project would be applying encryption for practical use in what would be primarily computer-based VoIP phones.

“Every  day  I  can  see  on  my 


itors  include  Genesys  Telecom¬ 
munications  Laboratories,  Voice- 
Genie  Technologies,  Nortel  and 
Intervoice. 

Voice-recognition software company Gold Systems in Boulder, Colo., plans to use the new Avaya platforms to create packaged applications for sale to businesses, says Herb Morreale, Gold’s CTO.

He  says  the  company  built  an 
application  that  tapped  Amazon. 


console these break-in attempts, hopefully being repelled,” Zimmermann said. VoIP phones are going to be a target, he said. “I saw e-mail needed to be protected years ago and that’s where PGP came from.”

He demonstrated an encryption-based VoIP implementation for Macintosh based on using VoIP freeware that allowed users to easily set up an encrypted call but emitted stinging static to eavesdroppers.

Zimmermann’s technology — which he says he soon wants to submit as an open standard and possibly commercialize by offering software for Macintosh and Windows — appears simple for practical use.

It relies on encryption hash technology to provide a unique three-digit identifier that each caller will receive when initiating a VoIP call. The callers simply start their conversation by sharing these identifiers with each other, which proves there’s no man-in-the-middle attack, and the rest of the conversation is encrypted.
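The identifier check described above can be modelled as follows. This is an added illustration, not code from the demonstrated software: the Diffie-Hellman exchange, the toy group (P, G), SHA-256 and every function name are assumptions, since the article says only that a hash yields a three-digit identifier that both callers compare.

```python
import hashlib
import secrets

# Assumption: a toy Diffie-Hellman group, for illustration only.
# 2**521 - 1 is a Mersenne prime; a real product would use a vetted group.
P = 2**521 - 1
G = 3


def keypair():
    """Return a fresh (private, public) pair for one call."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def shared_secret(my_priv, peer_pub):
    """Secret each side derives from its own key and the value it received."""
    return pow(peer_pub, my_priv, P)


def short_id(secret, caller_pub, callee_pub):
    """Hash the secret and both public values down to a three-digit string."""
    h = hashlib.sha256()
    for value in (secret, caller_pub, callee_pub):
        h.update(value.to_bytes(66, "big"))  # 66 bytes hold any value below P
    return f"{int.from_bytes(h.digest()[:4], 'big') % 1000:03d}"


def place_call(interceptor=False):
    """Simulate one call and return (caller_identifier, callee_identifier)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if interceptor:
        # A party in the middle substitutes its own public value on both legs,
        # so each caller unknowingly agrees on a key with the interceptor.
        _, m_pub = keypair()
        seen_by_a, seen_by_b = m_pub, m_pub
    else:
        seen_by_a, seen_by_b = b_pub, a_pub
    a_id = short_id(shared_secret(a_priv, seen_by_a), a_pub, seen_by_a)
    b_id = short_id(shared_secret(b_priv, seen_by_b), seen_by_b, b_pub)
    return a_id, b_id


def detection_rate(trials=300):
    """Fraction of intercepted calls in which the spoken identifiers differ."""
    caught = sum(1 for _ in range(trials) if len(set(place_call(True))) == 2)
    return caught / trials


if __name__ == "__main__":
    print("clean call      :", place_call())
    print("intercepted call:", place_call(interceptor=True))
    # Three digits leave about a 1-in-1000 chance that different keys hash to
    # the same identifier. A full design must also stop the interceptor from
    # retrying keys until the digits match (for example by making each side
    # commit to its key first); that step is not modelled here.
    print("detection rate  :", detection_rate())
```

On a clean call both sides always read the same digits; the value of the spoken comparison is that an interceptor cannot make the two legs agree without knowing a caller's private key.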

Zimmermann also spoke about the evolution of the encryption security debate that raged back in the ’90s as the U.S. government sought extensive control over commercial cryptography. That war has largely been fought and won, he noted. “I didn’t see a clampdown on crypto after 9/11,” he said.

Ultimately, Attorney General John Ashcroft came down on the side of free use of cryptography. This led to greater liberalization in the U.S., while other countries, including France and Britain, also lessened cryptography controls.


com’s Web services to access customer information via voice. “With Dialog Designer, that is very easy to do as a programmer,” he says.

Call  Portal  runs  on  Red  Hat 
Linux  Enterprise  3.0  and  can  be 
accessed  via  the  same  Voice  XML 
browser  used  in  Dialog  Designer, 
software  that  developers  use  to 
create  call-flow  applications  and 
test  them  on  a  PC  to  make  sure 
they  work,  Avaya  says. 

Call Portal, Dialog Designer and a current Avaya TDM voice-response platform, Interactive Response, share the same Voice XML browser, so call applications developed on Dialog Designer don’t behave differently when they are implemented by Call Portal, says Avery Glasser, an analyst with Opus Research. “Little differences in browsers can change how an application behaves,” he says.

Call Portal includes Port Failover that allows standby servers to jump in if primary servers fail. Licenses for the primary server are automatically shifted to the standby server, making it unnecessary to pay for licenses that are mostly on standby, Glasser says.

Call Portal is based on IP and supports Session Initiation Protocol and H.323 VoIP equipment. This means that businesses could issue wireless phones rather than laptops to mobile employees and they still could access data they need from corporate servers, Herrell says. Call Portal also could save money by eliminating live call agents. “Anytime you’re automating a service, it costs a lot less than having human assistance on the other end,” she says.

Call Portal costs $900 per port, and Dialog Designer comes with it for free. Customers of Avaya’s Interactive Response software who have a maintenance contract can swap for Call Portal at no extra charge.
Time change poses no Y2K replay


BY  STACY  COWLEY,  IDG  NEWS 
SERVICE 

A bill expected to gain approval from Congress soon means some programmers would again need to check their code for potential problems handling a calendar adjustment. Congress is proposing a four-week extension of daylight-saving time (DST), a move that could trip up applications and gadgets programmed to adjust their internal clocks according to the summer time schedule that the U.S. has kept for nearly two decades.

The IT industry will have plenty of time to prepare for the change: The extension would take effect one year after enactment of the Energy Policy Act of 2005, which likely means a 2007 start date for the new DST schedule. The energy bill won approval last week in a joint Senate/House conference committee.

The change would shift DST’s start from April to March and move its end from October to November. Those extra few weeks of DST will save 100,000 barrels of oil a day, according to legislators backing the change.

It  will  also  confuse  programs 
set  to  automatically  handle  DST 


‘Spring  ahead’ 
earlier,  ‘fall  back’ 
later 

Extended  daylight-saving 
time  would  start  three 
weeks  earlier,  end  a  week 
later  and  perhaps  cause 
problems  with  computer 
systems. 

Current  DST: 

•  Begins  first  Sunday  of  April. 

•  Ends  last  Sunday  of  October. 

Proposed new DST:

• Begins second Sunday in March.

• Ends first Sunday in November.

[Calendar graphic: the April start moves three weeks earlier; the October end moves one week later.]


hours. Springtime changes, observed in patchwork fashion around the world, have always been an annoyance for programmers and systems administrators: Online support groups are full of workarounds and suggestions for an assortment of DST-related glitches. For example, Cisco’s technical support has pages of detailed technical information about solving DST problems afflicting its servers and routers, while Oracle’s online discussion forum is filled with posts from developers seeking help handling esoteric DST challenges.

Many applications rely on the operating system to maintain an accurate clock, meaning Microsoft will play a critical role in keeping the world’s computers running on time if DST hours change. The company says it’s not worried. “We’re aware of the upcoming change and will make sure that Windows handles the transition smoothly,” says Peter Houston, Microsoft’s senior director of servicing strategy.

“Smoothly” doesn’t necessarily translate to “flawlessly.” Microsoft’s support Web site contains dozens of articles related to DST hiccups, varying from broad problems — some multiprocessor computers running Windows NT 4.0 Service Pack 4 or 5 have trouble adjusting to DST — to minor oddities. In Windows Millennium Edition, the operating system’s DST adjustment accidentally reset HTML wallpaper background images to a bitmap file.

Still, no one in the industry is expecting Y2K-bug-like chaos and expense. Representatives from research firms Gartner and Forrester Research said none of their analysts are studying the impact of a DST schedule change, while several major vendors say the effects would be slight. “We view the proposed change in DST as minor,” says Computer Associates spokesman Bob Gordon. “Most of our products rely on the operating system DST determination. When the operating systems are updated to recognize the new dates, most of our products would automatically use the updated information.”

For savvy developers, the looming DST change could even present a business opportunity. A discussion on technology news site Slashdot about DST effects drew hundreds of comments, including one from a consultant who, having missed the Y2K gravy boat, was determined to snag a piece of the DST market. “You might say there is nothing to really worry about here, but all the more reason to sell yourself to clients,” the poster wrote. “If there is no real threat, there is no danger you will fail.”


Windows  x64  calls  for  32-bit  rewrites 


BY  ROBERT  MCMILLAN,  IDG  NEWS  SERVICE 

Companies looking to become early adopters of Microsoft’s Windows x64 Edition operating systems might find that their favorite anti-virus software no longer works on their new desktops.

Though Microsoft maintains that most software written for older, 32-bit versions of Windows is compatible with the 64-bit version, released in April, changes to the kernel of Windows mean that certain types of software need to be rewritten for the 64-bit versions.

“Every time that we do a major shift in the kernel ... any software that runs in kernel mode needs to be rewritten,” says Brian Marr, senior product manager in Microsoft’s Windows Client group.

With the x64 versions of Windows, device drivers and anti-virus software, in particular, will need to be rewritten. “Beyond that, there aren’t too many types of applications that hook into the Windows kernel that deeply,” Marr says.

So companies that use products such as McAfee’s Internet Security Suite or Trend Micro’s PC-cillin Internet Security will have to wait until 2006, when the first x64 Edition products from these companies are expected to ship. Enterprise customers can purchase Symantec’s AntiVirus Corporate Edition 10, which supports x64 Windows. Symantec representatives were not able to say whether Symantec planned to create a 64-bit version of its anti-virus software for small business or home users.

Hoping to capitalize on the gap in anti-virus products, Eset last week released a version of its NOD32 software for 64-bit systems. Eset’s software is able to determine whether it’s being used in 32- or 64-bit mode, and both types of systems can be managed by a single piece of management software, called the NOD32 Remote Administrator. “The 64-bit support that we provide is pretty much seamless to the user,” says Andi Lee, Eset’s CTO.

Lee acknowledges that, to date, there have been few vulnerabilities found for 64-bit versions of Windows and that the platform might be less appealing to attackers because it has so few users. But he believes that early adopters are going to want anti-virus software, and that the lack of options is going to surprise some users. “One of the biggest pains is going to be the fact that a lot of the big players don’t have an [anti-virus] solution,” he says.

Still, that pain will be limited to a fairly small group of desktop users, Microsoft’s Marr says. Microsoft expects that until the release of Windows Vista, which is expected in late 2006, 64-bit computing on Windows will be confined to the “ultra high-end user in the business space,” he says.

“We do expect 64-bit computing to become more mainstream,” he says. “I think that time is probably more in the [Windows Vista] timeframe,” he says.

And while there might be problems for users in the interim, once 64-bit anti-virus products hit the mainstream, Microsoft expects users will see some security-related performance improvements. Encryption, for example, should be noticeably faster, Marr says.
Apps acceleration market in flux


Buyout acceleration

A series of acquisitions in the application acceleration market, which grew past $1 billion last year according to Gartner, has changed the market's landscape.

Company | Technology | Bought by | Amount
Peribit | WAN traffic acceleration | Juniper (April) | $337 million
Redline | WAN acceleration, load balancing | Juniper (April) | $132 million
FineGround | WAN acceleration | Cisco (May) | $70 million
NetScaler | LAN/WAN acceleration, load balancing | Citrix (June) | $300 million

Who's left

Crescendo | Load balancing, server processing offload
F5 | Load balancing, compression, traffic acceleration
Packeteer | WAN traffic optimization
Radware | Traffic acceleration, load balancing

BY  PHIL  HOCHMUTH 

A run on acquisitions of WAN/LAN acceleration vendors is causing confusion for those exploring the technology, which promises to speed key corporate applications, experts say.

But those with such gear already up and running have few complaints.

Just as this market’s picture was becoming clearer, Juniper, Cisco and Citrix shook the Etch-A-Sketch. Juniper bought emerging application acceleration vendors RedLine and Peribit in April for a combined $469 million, while Cisco bought WAN traffic accelerator FineGround for $70 million. And in a move counter to the norm in the networking market, software vendor Citrix, which sells terminal server/thin-client hosting software, bought out NetScaler, a high-end Layer 4-7/application acceleration box maker, for $300 million.

When tallied up, the buyouts equal 86% of the 2004 application acceleration market.

Ties between hardware and software vendors also tightened more recently as F5 last week announced a deal where Oracle will provide full support for customers accelerating Oracle databases on F5 gear. Additionally, Cisco launched an entirely new business unit around speeding up corporate apps through hardware — Application Oriented Networking — and partnered with IBM, SAP, Tibco and other software vendors in the effort.

One of the challenges of the application acceleration vendors has been defining exactly what their products plug into and what they do. Some, such as NetScaler and RedLine, offer devices that sit in front of banks of servers and provide multiple services, such as Layer 4-7 switching and load balancing, HTTP and non-Web-based traffic compression, as well as SSL VPN services and TCP/IP connection termination. Other gear, such as Peribit and FineGround devices, sit on both ends of a WAN link and optimize traffic for remote sites connected to a corporate data center — providing compression and security features.

According to Gartner, the market for these products came into its own last year when it reached $967 million worldwide. Acceleration gear, which sits only in a data center, accounted for more than half that amount, while WAN optimization products, which are deployed in both the data center and remote locations, made up the balance.

As customers install more of these products, and large networking vendors integrate the services into current gear, the various functions these devices provide — TCP/IP connection management, SSL offload, caching and compression — will be consolidated, experts say.

“Over time [these] functions will converge onto a single platform,” says Joe Skorupa, principal analyst at Gartner. “The trend toward platforms that deliver four or more functions will accelerate as customers strive to simplify their infrastructure.”

In the meantime, the spate of acquisitions in the market is causing confusion among potential buyers of application acceleration technology, some say. This could make it hard for vendors, especially some of the more established independent vendors still remaining, such as F5, Radware and Packeteer, to sell this technology.
“We  have  seen  a  lot  of  confusion  with  our 
customers,  resellers  and  value-added  dis- 
See  Acceleration,  page  20 


Expand  Networks  adds  WAFS  support 


Short  Takes 


■ Arbor Networks next month plans to unveil PeakflowX UserTracking, a capability in the PeakflowX intrusion-prevention appliance that will track insider misuse of the intranet. The UserTracking feature will measure individual network usage and identify illegal access to data resources. PeakflowX IPS costs $60,000.

■ ForeScout Technologies last week announced CounterACT 5.0, its network-based security appliance deployed at the access switch that provides access control. CounterACT 5.0, which costs $12,000, adds active-response modules that scan the network for vulnerabilities and ensure anti-virus and software patches are up to date on host computers.


New  gear  caches 
files  locally,  syncs 
with  central  servers. 

BY  TIM  GREENE 

Expand Networks this week is expected to announce support for wide-area file services that can help businesses save money by consolidating servers into data centers rather than maintaining servers at branch offices.

To accomplish this, Expand is introducing three Expand Accelerator hardware appliances, as well as software designed to boost the speed of Microsoft-based file transfers. The hardware includes hard drives for caching frequently and recently used files locally so they don’t have to cross the WAN each time they are accessed.

The software synchronizes changes made in branches with the master files stored on central servers so the next person to access the file gets the current version. To sync files, the devices send only the data that changed, not the entire file, minimizing how much data crosses the wide-area connection.

The software accelerates Microsoft’s Common Internet File System (CIFS) protocol that is used for transferring files. CIFS is designed for use on LANs, and its chatty nature tends to slow traffic on WANs because each back-and-forth exchange has to cross constricted links that are subject to congestion and network delay.

Other vendors such as Riverbed Networks and Swan Labs are adding WAFS capabilities to their products, which were originally designed to make more efficient use of WAN links for general traffic, says Joe Skorupa, an analyst with Gartner. WAFS is geared for optimizing file transfers across the WAN, and Tacit Networks is specializing in it, he says. Cisco, Juniper and HP are adding WAFS technology to their lineups, Skorupa says, and might wind up supporting WAFS with blades in routers.

One Expand customer that already used its WAN acceleration appliances to speed links between its data center in Missouri and call centers in Jamaica and Panama is considering the new Expand devices for their WAFS capabilities that would let the company consolidate its servers.

The devices would allow the company to pull servers out of the call centers where supervisors write and store reports and instead centralize them at the data center, says Andy Ellsworth, network engineer for National Asset Recovery Services
See  Expand,  page  20 
Confusion is essence of Cisco's AON


TOLLY  ON  TECHNOLOGY 

Kevin  Tolly 


In these first few weeks of Cisco’s Application-Oriented Network era, one of the biggest challenges has been to understand what AON really is. While the name strongly suggests an “awareness” of applications, the reality is that AON is an application, which is another matter indeed.

The general consensus, I found, from a number of veteran Cisco watchers and competitors was “confusion” after absorbing the initial marketing blizzard from Cisco. So many words, so little information.

In fact, one of the few concrete elements I could find in my search for the essence of AON was the phrase “Intelligent Message Routing.” This, we are told, is the “breakthrough technology” that delivers more than the type of application awareness found with devices such as load balancers.

Where a load balancer, for example, would simply inspect a packet and make a decision (such as sending the stream to the least busy server), an AON-class device would work at the “message” level.

That is, the AON module would terminate the connection, gather up the packets and reassemble them into a complete message. The AON device might then reformat a message (by remapping, adding or deleting fields) so that an application incompatible with the original sender could now read it. AON would then, it seems, initiate communications with the destination application.

Cisco might call this “application oriented,” but I think most of us would call it an application. To be implemented properly, this application would need queuing mechanisms, disk-based input/output for intermediate storage, transaction rollback and recovery, and so forth. In short, you’d need the same sophisticated functions that application programmers count on the OS and middleware vendors to provide.

Think for a moment how many aggregate development dollars have gone into the hardware and software for even the most modest Dell servers that one could buy to run a “transform” application. I wouldn’t hazard an exact guess but it has to be north of $1 billion.

Given that all communications “up and down” the stack will use standard Ethernet connectivity and IP — and station-to-station latency across Gigabit Ethernet is minuscule — there is no likely performance benefit to be had from the tightly coupled AON system. On the contrary, if Cisco puts too many AON hooks into its core switches and routers, it could slow all traffic.

Ask yourself: Does it make more sense to put a switch in your server or a server in your switch? Common sense would support the former; Cisco proposes the latter.

With this in mind, the press release quotes are more telling.

An IBM quote addressed the question by avoiding it and saying nothing — “IBM’s collaborative efforts with Cisco in support of AON will allow WebSphere and Cisco customers to capitalize on this emerging architecture to reduce complexity, consolidate IT, and improve performance.”

One of the few quotes with any specifics, from BT Radianz, noted that they would use AON to “monitor and report” (not transform) Financial Information Exchange records. Not too compelling, either.

With endorsements like these, who needs critics?

Tolly is president of The Tolly Group, a strategic consulting and independent testing company in Boca Raton, Fla. He can be reached at ktolly@tolly.com.


Expand 

continued  from  page  19 

in  Chesterfield,  Mo.“It  would  be  nice  to  have  the  data  secured  in  the 
[U.S.]  and  cached  on  the  Expand  boxes  as  a  way  to  give  supervisors 
access  remotely’  he  says. 

The  new  Expand  gear  might  help  further  reduce  National  Asset 
Recovery’s  cost  of  remote  equipment  maintenance  by  replacing  DNS, 
DHCP  and  print  servers,  all  of  which  are  integrated  in  the  new  Expand 
devices,  Ellsworth  says. 

The  Expand  boxes  also  optimize  traffic  between  Citrix  client 
machines  and  servers,  boosting  performance  across  WANs.  For  busi¬ 
nesses  that  use  Citrix  to  reduce  the  number  of  servers  in  their  net¬ 
works, as  well  as  the  number  of  full  application  clients  on  PCs, this  can 
boost  performance.  Ellsworth  says  he  runs  Citrix  traffic  over  Expand 
Accelerators  and  they  cut  WAN  traffic  by  a  third.  He  says  he  expects 
further  but  less  dramatic  reductions  with  the  Citrix  software. 

Expand’s gear can be deployed to support both WAN optimization and
WAFS, or just one of them. The new Accelerator hardware supports both,
and the old Accelerator supports just WAN optimization, the company
says. It will continue to sell both.

Businesses sometimes want these functions separated because the WAN
optimization is handled by network groups and WAFS is handled by
storage groups. Keeping the devices separate prevents the two groups
from conflicting, Gartner’s Scorupa says.

The three new Expand appliances, Accelerator 4920, 6910 and 6940, are
in beta testing. The 4920 supports up to 2M bit/sec links, 10 remote
sites and has a 160G byte hard drive. Pricing starts at $4,500. The
6910 supports up to 10M bit/sec links, 50 remote sites and has a 400G
byte hard drive. Pricing starts at $12,000. The 6940 supports links up
to 20M bit/sec, 200 remote sites and has a 400G byte hard drive.
Pricing starts at $20,000.


Expand  Networks'  Accelerator  4920, 6910  and 
6940  are  tuned  for  wide-area  file  services. 


Acceleration 
tributors, as they sought to get a better understanding of the recent
changes in the market,” says Radware President and CEO Roy Zisapel.
Earlier this month, the company warned it would miss Wall Street
earnings expectations, attributing the rough times “primarily to the
recent acquisition activity in the overall application-networking
space.”

Other recent reports by market analysts say there is huge potential in
the market, but more intense competition since Juniper and Cisco
entered the game. A recent report by investment research firm Piper
Jaffray calls the acceleration market “one of the best-performing
sectors within the networking universe” but also said it would be
rough going for vendors such as F5 until the dust settles.

Standard  and  Poor’s  Equity  Research  concurs, 
adding  in  a  report  that  the  Cisco,  Juniper  and  Citrix 
deals  “have  disrupted  the  competitive  environment 
through  delaying  customer  buying  decisions.” 

“We haven’t heard of any confusion with our customers or potential
customers,” says Jason Needham, director of product management for F5.
“I think the acquisitions in the market have shown that this
technology is of high value to customers. More people are seeing the
value of planning their network architecture with applications in
mind.”

Customers running acceleration gear say the payback on such equipment
is immediate.

Serono, a Switzerland-based biotech firm, has 5,000 employees, with
more than a quarter of them working remotely in 50 sites across 40
countries. The firm last year installed devices from RedLine Networks
to front its key application servers, which deliver e-mail, Siebel CRM
applications and other software via Web-based interfaces and portals.

The traffic compression the RedLine device provides has boosted
response time of the company’s Web-based applications while freeing up
bandwidth over its WAN pipes, according to Rael Paster, head of
collaboration services at Serono.

“We  saw  a  93%  performance  gain  over  our  WAN 
links”  after  turning  on  traffic  compression,  Paster  says. 

Companies  that  have  installed  acceleration  gear 
also  praise  the  technology  for  its  load-balancing  and 
advanced  features  for  handling  IP  addresses. 

Devices from NetScaler were recently installed at ProHealthcare, a
healthcare management company in Waukesha, Wis., with more than 5,000
employees. Instead of pushing applications out to remote users over
the Web, ProHealthcare was moving its LAN- and campus-based patient
management system, supplied by IDX, from green-screen terminal
emulation to a browser-based interface.

The trick, says Cynthia Overby, manager of network services, was
making the organization’s high-end HP Himalaya mainframe act more like
a Web server. When the application was switched from a green-screen
window on PCs to browsers, the Himalaya still handled the clients like
terminal-emulated clients; the mainframe required a fixed IP address
linking the PC and the server.

“This slowed down performance by about 30%” vs. the old green-screen
application, Overby says. It also limited the number of connections to
2,456, which was the limit of IP-based clients the mainframe could
handle. Putting a NetScaler box in front of the Himalaya allowed IP
addresses to be dynamically distributed and eliminated the cap on the
number of client connections. The device also balanced the traffic
load of IDX packets among the seven IDX server instances running on
the mainframe, Overby says. Compression helps, too, shrinking the
browser-based traffic, which has freed up LAN bandwidth by 25%. The
NetScaler device also provides SSL traffic encryption, required by
federal law for patient records. This has freed up CPU cycles on the
Himalaya to process more IDX application bits. “All of this greatly
improved the overall performance of the system,” Overby says.
IBM x336 packs power in a slim server framework


BY  JOHN  BASS,  NETWORK  WORLD  LAB  ALLIANCE 

If  you  are  looking  for  lots  of  server  power  packed  into  a  small  space,  look  no 
further  than  the  IBM  xServer  336  series.  In  our  tests,  we  were  impressed  with 
its  solid  performance,  a  great  physical  design  and  management  features. 


The Breakdown

Performance 40%: 4.5
Serviceability 30%: 4
Management 20%
Documentation 10%: 4
Total score: 4.2

Scoring Key: 5: Exceptional; 4: Very good; 3: Average;
2: Below average; 1: Consistently subpar

The server’s single-rack space form will be attractive for enterprise
applications where two-processor servers are needed yet space is at a
premium. For example, businesses with many CPU-intensive Web and
database applications that require dedicated servers would benefit
from the x336.

The server packs two 3.6-GHz processors, two PCI-X slots (we had one
64-bit 133-MHz slot and one 64-bit 100-MHz slot), two Gigabit ports
and two 3.5-inch drive slots in one 1.75-inch vertical rack space. The
server we tested also included 4G bytes of 400-MHz DDR2 synchronous
dynamic DRAM.

In the test, we could saturate the dual Gigabit Ethernet interfaces
with 1.96G bit/sec of traffic. The server performed well, supporting
nearly 760 SSL transactions per second. In our I/O subsystem test, the
x336 could support 102 transactions per second, with an average disk
queue length greater than five. Comparing this with other servers, our
1-year-old server could sustain only 45 transactions per second.
(Note: Results are for relative performance only, not to determine
absolute server load capacity. Our results can show whether one server
is more powerful than another. They can’t show how many users can be
serviced, since the test methodology may not simulate the application
used.)

Tests were executed with Spirent’s Avalanche 2500 (operating system
Version 621 12, product Version 6.51, two CPUs) and Avalanche
Commander v6.51 Build 34500.

The server under test included Internet Information Server (IIS) on
Windows Server 2003. All IIS logging was disabled to increase Web
performance.

We ran three tests to focus on the three main subsystems of the
server: CPU performance, network adapter and disk I/O. The CPU test
consists of SSL transactions triggered by HTTPS requests for small
files, about 1K byte in size. The goal was to load down the CPU with
SSL encryption key calculations. The small file request reduced the
load on the disk I/O and network subsystems.

The disk I/O subsystem test submitted random HTTP requests of small
files in a large file space. The file space (dataset) size was ideally
more than four times the amount of physical memory to minimize the
effects of caching. The small file requests minimized the workload on
the network subsystem. The HTTP requests minimized the load on the CPU
subsystem.

The network subsystem test executed HTTP requests of 35M-byte files.
The goal of this test is to fully utilize the available bandwidth of
the server.

Finding errors quickly

We were impressed with the system’s “light path diagnostic”
troubleshooting aid, which made fixing failed components fast and
easy. When the retractable operator information panel extends from the
chassis, LEDs become visible, indicating whether the server subsystem
is the source of a system error. A “remind” button lets the user
acknowledge the system error, which clears the error LEDs and causes
the system-error LED on the front panel to blink every two seconds
until the error is cleared.

If a new error occurs, the front system-error LED panel lights up. The
error LEDs indicate individual components in an error state. For
example, if a RAM module fails, the system-error LED lights. After you
extend the information panel, the MEM error LED light is visible.
After opening the chassis, a lit LED beside the failed RAM module
indicates the problem.

The xServer 336 includes two processors in a single rack.

Under the hood

After opening the large removable cover (the cover is easy to remove,
but it takes some effort to close, as it tends to get hung up in the
fan access doors), the system’s processors, RAM, PCI-X slots and
component error LEDs are revealed. The components were neatly laid
out, with no cables to route or get bound in the chassis cover. Two
hinged doors on the top of the server provide access to redundant
fans, which can be hot swapped in case of failure. Early
dual-processor single-rack space servers (regardless of vendor) had a
cooling problem, and it appears that IBM has done a good job in
addressing this issue.

The back of the chassis houses two hot-swappable, load-balancing power
supplies, a serial port, VGA port, two USB 2.0 ports, mouse and
keyboard port, the two Gigabit Ethernet ports, a 10/100 management
Ethernet port and card edges for the two PCI-X slots. The power
supplies were easy to remove and replace. If using two power supplies,
the two share the load, and if one fails, the server can continue to
run off the lone supply.

Managing the server

IBM’s Director Version 4.21 is used to manage its server line. The
server and console portion is installed on the server used to manage
the other servers, and the agent portion gets installed on the server
being managed. Linux and Windows versions of the IBM Director
components are available.

The management server is very powerful, but this comes with a cost.
The server and console components are rather large and take some time
to install. If you have only one or two IBM servers to manage, this
might seem like too much overhead. Unfortunately, there doesn’t seem
to be a solution (such as an IBM Director Lite). Other than that, the
Director application gave us what we’d expect from a single-vendor,
enterprise-class server management platform. It let us configure,
monitor, deploy and troubleshoot the x336.

The x336 system documentation was clear and easy to read. It was
refreshing to quickly search a document for the necessary information
and not end up following a circle of meaningless information or
references to multiple sources.

The x336 is a solid-performing server, with great physical design and
management features. Its single-rack space design will attract
companies looking to host applications that need dual processors, but
in a small space.

Bass is a senior technical staff member at North Carolina State
University's Centennial Networking Labs. CNL tests networking
equipment and network-attached devices for interoperability and
performance. He can be reached at john_bass@ncsu.edu. Chintan Desai
and Nader Shinouda of CNL assisted with the testing.
Short Takes


■ Microsoft has announced that the official name for its operating
system, previously known as Longhorn, will be Windows Vista. The
software is due out in 2006, though Microsoft said that a first beta
is expected to be available to developers and IT professionals Aug. 3.
The first beta will include only some of Vista's promised
functionality, such as virtual folders and a new desktop search
engine, but will not include many of the GUI enhancements of the
finished product.

■ HP and Altiris have strengthened their long-standing partnership
with the release of two co-developed client-management software
bundles. The HP Client Foundation Suite includes five main software
pieces: HP Client Manager 6.1, HP Systems Insight Manager Connector,
Altiris Inventory Solution, Altiris Deployment Solution and Altiris
Local Recovery Pro. The second bundle, the HP Client Premium Suite,
contains those products plus seven more: HP OpenView Connector, Altiris
Software Delivery Solution, Altiris Patch Management Solution, Altiris
Application Metering Solution, Altiris Connector Solution, Altiris
Carbon Copy Solution and Altiris Application Management Solution. The
HP Client Foundation Suite costs $63; the HP Client Premium Suite is
$92. HP says each saves more than 62% compared with buying the suite's
software elements separately.

■ Industry watcher In-Stat says the market for tablet PCs has had
mixed results since starting up three years ago, but significant
growth is on the way. The researcher projects the market for these
devices, which run Microsoft's Windows XP Tablet PC Edition operating
system, will more than quadruple, from $1.2 billion last year to $5.4
billion in 2009. Vertical markets such as healthcare, real estate and
insurance have driven shipments.


PC  blades  get  clean  bill  of  health 


Healthcare  group 
finds  them  more 
secure,  less  costly. 

BY  DENI  CONNOR 

Northwestern  Memorial  Physicians  Group 
has  decided  that  patients  and  traditional 
PCs  just  don’t  mix  in  the  exam  rooms  at  its 
clinics. 

On one hand, medical workers for the Chicago-area healthcare
collective need fast access to patient data in exam rooms. On the
other, the organization fears that outfitting the rooms with
full-fledged PCs could result in data or computer theft, create
awkward PC support situations and even result in contaminants
dispersed by a PC’s fan in the presence of a sick patient.

Those  are  among  the  issues  behind 
NMPG’s  decision  to  yank  noisy  PCs  out  of 
exam  rooms  and  replace  them  with  devices 
called  PC  blades,  which  fit  into  a  central 
rack,  such  as  server  and  other  blades.  The 
healthcare  outfit  installed  149  PC  blades 
and  plans  to  get  30  more  up  and  running 
this  month. 

The twist is that these systems, from ClearCube, are divvied up so
that the monitor, keyboard and mouse are in the exam rooms (they’re
linked via a small box called a port, which connects to the LAN), but
the CPU, memory and disk drives are in telecom closets or medical
supply rooms.

“One of the reasons we didn’t want to put traditional PCs in the exam
rooms was security,” says Guy Fuller, manager of IT. “We didn’t want
the physicians walking out of the room and having a patient take a PC
with them when they left. Conversely, we didn’t want to lock down the
PC, because it would affect the physician/patient experience.”

Making the switch also involved an economic decision.

“I didn’t want to send a technician into a room to replace a PC while
a doctor was performing a procedure on a patient. We see patients at
15-minute intervals, and we can’t afford any downtime,” Fuller says.

[Graphic: “The PC blade is in”; panel: “Remote management”]
Northwestern Memorial Physicians Group replaced traditional PCs in the
exam rooms at its clinics with PC blades. The new setup helps to
protect patient data, gives medical personnel reliable data access and
eases desktop management, according to the IT team. A small box called
a port links the keyboard, monitor and mouse to the PC blade.

He estimates that over a four-year period the company will save as
much as $300,000 for every 100 ClearCube-bladed PCs. For every 15
minutes a computer is down in an exam room and a physician can’t
provide care, NMPG would lose $150 in revenue, Fuller says.

Fuller and his associates are responsible for maintaining, configuring
and installing servers and workstations at NMPG’s nine satellite
medical clinics. They use the ClearCube Management Suite.

“We don’t want to visit a clinic if we can help it,” he says. “At a
later date, we’ll schedule a visit to the clinic to add a new, spare
blade.”

NMPG has measured some solid benefits from making its PC swap. The
organization reduced the number of hours spent upgrading and patching
PCs by 57% — from 200 hours to 86 hours — since the PCs can be
administered, managed and failed over remotely. The outfit slashed the
number of hours spent supporting PCs by 75%, and user downtime fell
from 280 to 87 hours.

Installing bladed PCs at NMPG had its challenges. Fuller and his staff
had to retrofit rooms, which also held medical supplies, bandages and
patient charts, to deal with such issues as the heat generated by the
back end of the ClearCube systems.

“The building management won’t allow me to exhaust through the
plenum,” Fuller says, referring to the space above the ceiling. “To
put extra cooling on the roof would cost hundreds of thousands of
dollars, so that isn’t realistic.” He has installed portable cooling
in some rooms or vented the heat into other places.

Until last year, ClearCube was the only vendor to offer bladed PCs. HP
also offers them now. IBM and Dell rely on traditional PCs or
thin-client implementations.




Sun eyes throughput-computing push

[Graphic: Looking for a Sparc]
Sun is preparing to roll out chips it says are designed to handle
heavier workloads and better meet customer needs.

Sun says it will begin shipping systems in the fourth quarter based on
UltraSparc IV+, which will have a higher clock speed, and more
enhanced memory and I/O features than UltraSparc IV.

Sun to begin in the first quarter its throughput-computing push with
systems based on an eight-core Niagara chip. Each core in the
processor will handle four simultaneous threads, enabling it to
support 32 threads at a time.

The Sun-Fujitsu partnership announced in 2004 is expected to yield
results, with servers in what Sun is calling its Advanced Product Line
beginning to ship. The servers, a result of a merger of Sun’s Sun Fire
line and Fujitsu's Sparc-based PrimePower line, will be geared for
low-end to high-end computing environments.

Systems based on Sun’s high-end throughput-computing chip, Rock, to
debut. Sun has released few details about the chip, except to say that
it will be multi-core and geared for high-end database and ERP
applications.

BY JENNIFER MEARS

Sun is set to begin a major push to improve computing throughput with
the release of systems based on its eight-core Niagara processor in
the first quarter of next year. Analysts say the systems, which are
designed for multi-threaded, Web-facing workloads, such as security
processing, could give Sun the edge it’s looking for to reinvigorate
its Sparc-based line of servers.

Sparc lifted Sun’s fortunes during the dot-com boom, but since then,
the company has had to shift gears as enterprise customers moved away
from buying big, pricey boxes in favor of smaller, less expensive
standards-based systems. In the past year or so, Sun has focused on
the low end, announcing a close partnership with AMD.

Sun  is  preparing  to  roll  out  its  Opteron- 
based  Galaxy  line  of  servers  in  coming 
months.  At  the  same  time,  the  company 
continues  to  improve  its  high-end  systems 
and  is  preparing  for  several  new  Sparc 
product  launches,  including  systems  based 


BY  JAMES  NICCOLAI,  IDG  NEWS  SERVICE 

The  Enterprise  Grid  Alliance,  which 
includes  several  top  vendors  trying  to 
accelerate  the  use  of  grid  computing  by  big 
businesses,  has  published  its  first  paper  on 
the  unique  security  requirements  of  grids. 

The  37-page  paper  aims  to  help  users,  ven¬ 
dors  and  standards  groups  identify  the  risks 
associated  with  enterprise  grid  computing. 
The  group  plans  to  discuss  technologies 
and  practices  for  mitigating  the  risks  in  a 
later  paper,  it  says. 

The  alliance  was  formed  in  2004  by 
Oracle,  EMC,  HP  and  several  other  vendors. 
Membership  is  open  to  all,  though  IBM  and 
Microsoft  have  not  joined. 

Some  of  the  security  requirements 
described  in  the  paper  also  apply  to  tradi¬ 
tional  systems  and  become  more  promi¬ 
nent  in  grid  setups.  For  example,  a  storage 
system  might  contain  sensitive  information 
that  should  be  accessible  only  from  one 
application,  even  though  several  applica¬ 
tions  link  to  that  storage  resource.  Grid 
computing,  by  its  nature,  tends  to  increase 
the  occurrences  in  which  multiple  applica¬ 
tions  access  a  single  resource,  making  secu¬ 
rity  issues  more  prominent. 

Other  security  requirements  are  unique 
to  grids,  and  most  of  these  have  to  do  with 
what  the  paper  calls  the  “grid  management 
entity,” or GME, responsible for the grid’s
operation. The  GME  provisions  and  config¬ 
ures  grid  components,  such  as  servers  and 
storage  arrays,  manages  workloads  and 
“decommissions”  components  when  their 


on  an  updated  UltraSparc  chip  and 
Niagara. 

The  struggling  server  maker  posted  anoth¬ 
er  quarter  of  revenue  decline  last  week:  Its 
fourth-quarter  revenue  was  just  less  than  $3 
billion,  down  4.3%  from  the  fourth  quarter  a 


work  is  done. 

“Grid  resources  [or  simply  pools  of  net¬ 
worked  resources]  alone  are  not  unique  to 
a  grid  environment.  What  is  unique  is  the 
way  in  which  they  are  aggregated  and  man¬ 
aged.  By  introducing  the  GME  with  the  abil¬ 
ity  to  provision,  manage  and  decommis¬ 
sion  pools  of  grid  resources,  we  get  to  the 
heart  of  the  unique  threats  and  security 
requirements  in  a  grid  environment,”  the 
paper  says. 

It  goes  on  to  describe  various  risks  and 
how  they  can  affect  grid  environments. 
They  include  access-control  attacks,  in 
which  unauthorized  users  or  components 
join a grid; denial-of-service attacks (against
the  grid  management  entity  for  example); 
and  object  reuse,  in  which  an  unauthorized 
user  accesses  a  grid  component  that  has 
not  been  properly  decommissioned  or 
“sanitized.”

The  paper,  coming  from  a  group  whose 
members  sell  products  for  building  grids, 
strikes  a  mostly  positive  tone.  It  argues  that 
grids  can  enhance  security  in  some  areas.  It 
notes  that  grids  still  need  security  controls 
used  in  more  traditional  environments,  in 
areas  such  as  identification,  authentication 
and confidentiality.

The  alliance  has  limited  its  focus  to 
enterprise  applications  within  a  single  data 
center  —  far  narrower  than  the  definition 
used  in  academic  and  technical  commu¬ 
nities,  which  use  grids  to  link  computing 
centers  that  can  be  widely  dispersed 
across  organizations. 


year  ago.  Sun  says  a  more  diversified  server 
portfolio  aimed  to  meet  different  business 
needs  will  help  get  its  financials  back  on 
track. 

Last  year,  Sun  took  its  first  step  to  improve 
computing  throughput,  in  which  single 


Grids  that  conform  to  that  broader  defini¬ 
tion  could  pose  considerable  security  chal¬ 
lenges  for  a  business.  But  a  grid  that  oper¬ 
ates  within  the  boundaries  of  a  single  orga¬ 
nization  would  not  necessarily  be  difficult 
to  secure,  says  Andy  Kellett,  a  senior 
research  analyst  for  security  at  Butler 
Group. 

“If  you’ve  got  a  decent  security  system  in 
place,  and  if  the  boundaries  of  your  grid  are 
the  boundaries  of  your  data  center,  then 
your  existing  authentication  and  access- 
control  systems  should  take  care  of  what’s 
required,”  he  says. 

The  paper  is  the  second  work  published 
by  the  Enterprise  Grid  Alliance.  In  May  it 
published a “reference model” for grid computing, including a lexicon of terms, a
model  for  classifying  the  management  and 
life  cycles  of  grid  components,  and  a  set  of 
usage scenarios (see details at www.networkworld.com, DocFinder 8241).

The  group  has  said  it  will  build  on  top  of 
current  standards  and  research  and  not  try 
to  “reinvent  the  wheel.”  Other  participants 
include  Cisco,  NEC,  Novell  and  Sun.  ■ 


nww.com 

Summer  reading 

Check  out  the  Enterprise  Grid  Alliance's  white  paper 
on  grid  security  here:  DocFinder:  8227 


chips  handle  multiple  tasks  simultaneously 
by  introducing  systems  based  on 
UltraSparc IV, a dual-core, dual-threaded
architecture.  Niagara,  which  includes  tech¬ 
nology  from  Afara  Websystems,  acquired  by 
Sun  in  2002,  takes  the  multi-tasking  story 
further,  with  each  of  the  eight  cores  able  to 
handle  four  application  threads. 

In  addition,  with  each  core  running  at  a 
lower  frequency,  Niagara  can  offer  more 
processing  power  at  a  lower  wattage,  mean¬ 
ing  less  heat  output  and  power  demands 
than  other  servers,  says  Jeff  O’Neal,  director 
of  engineering  in  Sun’s  scalable  systems 
group. 

“There  is  too  much  power  being  dissipat¬ 
ed  for  the  amount  of  performance  you’re 
getting  out  of  today’s  data  centers,”  O’Neal 
says.  “What  we’re  looking  at  is  helping  data 
center  managers  out  of  their  jam  by  apply¬ 
ing  technology  to  the  problem.” 

The key benefit of high-throughput computing is that it “hides memory latency,”
O’Neal  says. 

“In  a  typical  architecture,  when  you  have 
a  cache  miss  or  stall,  the  pipeline  doesn’t 
do  anything.  It  waits.  Whereas  here,  if  the 
pipeline stalls, we just say, ‘That’s fine. We’ve
got  other  threads  lined  up  and  shoot  them 
through,’  ”  he  says. 

Niagara  has  the  potential  to  trigger  growth 
of  the  Sparc  Solaris  line,  says  Nathan 
Brookwood,  principal  analyst  at  Insight64. 

“IT  managers  more  than  ever  are  really 
feeling  the  pressure  from  the  heat  today’s 
chips  put  out  and  the  power  they  are  con¬ 
suming,”  he  says.  “If  Niagara  really  can  han¬ 
dle  the  workload  of  multiple  Sun  Opteron 
systems  or  Dell  Xeon  systems  with  less 
power  consumed  and  less  heat  kicked  out, 
I  think  that  would  attract  new  customers.” 

Sun  also  plans  to  begin  shipping  systems 
based  on  UltraSparc  IV+  by  year-end. 

UltraSparc  IV+  runs  at  1.8  GHz,  a  boost 
over  UltraSparc  IV’s  1.3-GHz  chip.  Perhaps 
more  important,  UltraSparc  IV+  has  a  larger 
memory, including a 2M-byte L2 cache and
a  32M-byte  off-chip  cache.  ■ 


Forum  seeks  to  keep  grids  safe 
Aspect reaches beyond the call center


BY  JENNIFER  MEARS 

Aspect  Communications,  which  special¬ 
izes  in  call  center  workforce  management 
applications,  is  updating  its  self-service 
software  so  customers  can  expand  their 
use of speech-powered technology.

Customer  Self  Service  (CSS)  7.1  includes 
a VoiceXML-based auto attendant product,
the  ScanSoft  Open  Speech  Attendant,  that 
can  be  deployed  for  broader  corporate 
use.  Aspect  plans  to  announce  the  new  ver¬ 
sion  at  the  SpeechTek  conference  this 
week in New York. The basic platform starts


Short  Takes 


■  Groundwork  Open  Source 
Solutions,  a  maker  of  open  source- 
based  IT  management  software,  has 
named  Ranga  Rangachari  as  presi¬ 
dent  and  CEO.  He  brings  more  than 
20  years  of  sales  and  management 
experience  from  software  compa¬ 
nies  such  as  Invio  Software  and 
Legato  Systems.  He  replaces 
Robert  Fanini,  a  company  co¬ 
founder,  who  will  continue  with 
Groundwork  to  focus  on  market  and 
business  development  activities. 

■  Netuitive  last  week  unveiled  its 
Service  Analyzer,  software  that  is 
designed  to  automate  the  deploy¬ 
ment  of  business  service  manage¬ 
ment  tools  and  helps  to  manage  IT 
service  health.  Among  other  things, 
the  software  correlates  end-user 
experience  with  infrastructure  per¬ 
formance  data  to  assure  end  users 
get  the  IT  service  required.  Service 
Analyzer  starts  at  $75,000  and  is 
scheduled  to  be  available  on  Sept.  1. 

■  Computer  Associates  last  week 
said  it  is  buying  e-mail  security  soft¬ 
ware  vendor  Qurb  for  an  undis¬ 
closed  amount.  Qurb  offers  anti¬ 
spam,  anti-phishing  and  anti-fraud 
tools,  which  CA  says  will  comple¬ 
ment  its  eTrust  security  manage¬ 
ment  products.  CA  has  licensed 
Qurb  technology  for  its  consumer 
product  line  since  last  year. 


at  $20,000;  the  auto  attendant  add-on  starts 
at  $25,000. 

Open  Speech  Attendant  provides  speech- 
enabled  dial-by-name  capabilities,  elimi¬ 
nating  the  need  for  a  live  operator  to  route 
calls  within  a  business. 

“What  this  means  is  you’ll  have  a  different 
buyer  in  the  enterprise.  The  call  center 
manager doesn’t have to buy it. The IT manager can buy it. The telecom manager can
buy  it.  It  extends  [Aspect’s  products]  deep¬ 
er  into  the  enterprise,”  says  Sheila  McGee- 
Smith,  president  and  principal  analyst  at 
McGee-Smith  Analytics. 

Corporations  in  growing  numbers  are 
turning  to  speech-enabled  applications, 
such  as  Aspect’s  CSS,  that  let  customers 
conduct  transactions  automatically  via  the 
phone,  rather  than  having  live  agents  han¬ 
dle  every  call.  The  idea  is  to  reduce  labor 
costs and improve efficiency.

Call  center  costs  and  ROI  typically  are 
very  clear  and  by  applying  speech  tech¬ 
nology  more  broadly,  customers  will  see 
greater  return  from  their  call  center  invest¬ 


ments,  McGee-Smith  says. 

“That’s  what  Aspect  is  saying  here,  ‘You 
bought  it  for  your  call  center.  Let  me  help 
you  leverage  it  against  the  rest  of  your  busi¬ 
ness,”’ she  says. 

VoiceXML  is  one  standard  driving  the 
trend  toward  broader  use  of  speech- 
enabled  applications.  Aspect  and  its  com¬ 
petitors,  such  as  Avaya,  Genesys  Telecom¬ 
munications  Laboratories  and  Nortel,  in¬ 
creasingly  are  using  VoiceXML-based  appli¬ 
cations  to  make  it  easier  for  customers  to 
expand  speech-powered  applications  and 
extend  them  into  other  areas  of  their  busi¬ 
nesses.  In  the  past,  customers  had  to  use 
custom-built  applications. 

“The  Open  Speech  Attendant  application 
is plug and play,” McGee-Smith says. “It’s a
great  proof  point  that  their  VoiceXML 
engine  really  works  and  that  it  doesn’t  have 
a  lot  of  proprietary  hooks  in  it  that  would 
make  it  difficult  for  an  off-the-shelf,  pre¬ 
packaged  product  to  work.” 

Other  updates  in  CSS  7.1  include  support 
for  more  languages,  better  voice  quality 


and  better  recognition.  In  addition,  CSS  7.1 
integrates  speech  recognition  and  speaker 
verification  technology  from  ScanSoft  and 
Nuance.  An  updated  open  database  con¬ 
nectivity  driver,  which  enables  the  system 
to  access  databases  from  different  ven¬ 
dors,  provides  faster  data  access  for  the 
self-service  application. 

Aspect’s  Customer  Self  Service  product  is 
available  as  a  hardware/software  package 
on Dell servers and as software-only. ■


A  closer  look  at  ITIL 


The  Information  Technology 
Infrastructure  Library  is  designed  to 
help  cut  costs  and  streamline  IT 
operations,  and  is  finding  converts 
seeking  to  maintain  regulatory  com¬ 
pliance  as  well.  Initially  popular  over¬ 
seas,  ITIL  is  growing  in  use  in  the 
U.S.,  where  four  out  of  10  organiza¬ 
tions  will  adopt  it  by  2007,  according  to  Meta  Group 
(now  part  of  Gartner).  Former  Meta  analyst  Michele 
Hudnall,  now  director  of  service  management  at  soft¬ 
ware  vendor  Managed  Objects,  recently  spoke  with 
Network  World  Senior  Editor  Denise  Dubie  about  the 
realities  of  ITIL  and  how  corporate  IT  shops  can  make 
the  most  of  their  implementations. 

What's  behind  ITIL's  rise  in  popularity? 

There  has  been  a  push  on  technology  organizations  to  map 
technology  to  business  for  quite  a  while.  Organizations  strug¬ 
gled  to  do  that,  and  they  were  looking  to  automate  that. 


Instead  of  starting  with  a  blank  sheet  of  paper  and  trying  to 
define  how  to  operate  the  technology  organization,  the  ITIL 
processes  give  you  a  good  starting  point  in  defining  what  vari¬ 
ous  operational  processes  might  look  like. 

Where  are  we  at  in  terms  of  ITIL  adoption  in  the  U.S.? 

We  are  peaking.  About  four  years  ago,  the  ITIL  adoption 
curve  was  starting  to  ramp  up,  but  I  rarely  talk  to  an  organiza¬ 
tion  today  that  is  not  looking  at  ITIL  in  some  respect. 

How  can  vendors  help  IT  organizations  adopt  ITIL? 

Technology  cannot  be  ITIL  certified.  It’s  only  a  consultant 
who  helps  an  organization  deliver  the  process  that  can  be  cer¬ 
tified.  And  what  is  really  being  certified  is  their  knowledge  of 
the  process  and  their  ability  to  be  able  to  put  it  in  context  of 
the  organization.  Look  for  good  adoption  of  the  ITIL  terminol¬ 
ogy  within  the  configuration  of  setting  up  and  deploying  the 
various  technologies. Vendors  can  provide  canned  templates 
within  the  technology  that  leverage  the  high-level  structure  of 
ITIL  so  that  IT  staff  isn’t  starting  with  a  blank  sheet  of  paper. 


What  are  the  stages  of  process  maturity  for  ITIL? 


See  ITIL,  page  30 


Time to dump that MasterCard?


NET  INSIDER 
Scott  Bradner 


Half  of  the  shoes  have  dropped 
on  CardSystems,  but  it’s  unclear 
whether  the  others  will.  They 
should,  and  this  company  should 
be  shut  out  of  the  credit  card-pro¬ 
cessing  business. 

Since I last wrote about CardSystems Solutions (www.networkworld.com, DocFinder: 8226), Visa
has  announced  that  the  compa¬ 
ny  would  be  barred  from  pro¬ 
cessing  Visa  card  payments  as  of 
the  end  of  October.  American 
Express  followed  suit.  But  Master- 
Card  seems  to  have  decided  to 
forgive  and  forget  and  let  Card- 
Systems  keep  processing  Master- 


Cards  as  long  as  it  fixes  its  securi¬ 
ty  soon. 

In  other  words,  MasterCard 
decided  that  business  as  usual 
was  just  fine.  Discover  has  not  yet 
made  up  its  mind  about  what  it’s 
going  to  do. 

The  representatives  of  the  credit 
card  companies  and  the  CEO  of 
CardSystems  also  testified  at  a 
congressional  subcommittee 
hearing  on  “Credit  Card  Data 
Processing:  How  Secure  Is  It?”  But 
nothing  much  new  seems  to  have 
come  out  of  the  hearing. 

The  prepared  statement  of  Card- 
Systems  CEO  John  Perry  gives  the 
chronology  and  details  of  the 
security  breach,  and  implies  that 
the  company  will  have  to  close  if 
Visa follows through on its decision to terminate CardSystems’
authority  to  process  Visa  cards 
(DocFinder:  8237). 

Perry  also  stated  it  is  clear  that 


records  of  at  least  239,000  unique 
credit  cards  were  downloaded, 
records  that  had  been  stored  in 
direct violation of Visa and MasterCard security standards. Visa
makes  it  clear  (six  times)  in  a  two- 
page  FAQ  posted  on  its  site  that 
card  holders  are  not  responsible 
for  fraud  resulting  from  these 
stolen  card  records,  but  mail 
order  and  Internet  merchants 
could  be  (DocFinder:  8238). 

Individual  card  holders  can  be 
significantly  inconvenienced 
when  their  cards  get  stolen,  be¬ 
cause  they  may  have  to  argue 
that  they  did  not  make  specific 
purchases  and  get  new  cards.  As 
you  might  expect,  a  class  action 
lawsuit has been filed (DocFinder: 8239).

I  no  longer  have  a  MasterCard 
(my  bank  switched  me  to  Visa 
earlier  this  year),  but  if  I  did,  I 
would  cancel  and  shred  it. A  lot  of 


people  believe  that  credit  card 
companies  have  little  real  incen¬ 
tive  to  fix  security  problems  be¬ 
cause  they  are  insulated  from  the 
suffering  of  the  merchants  and 
credit  card  holders.  Visa  and 
AmEx  have  shown  that,  at  least 
sometimes,  this  may  be  a  false 
assumption.  But  MasterCard  has 
reinforced  the  common  wisdom. 

CardSystems  is  a  company  that, 
by  its  own  admission,  purposeful¬ 
ly  and  with  full  understanding 
violated  MasterCard’s  rules  and 
put  tens  of  millions  of  credit  card 
users  at  risk.  If  this  does  not  get 
MasterCard  to  act,  I  hate  to  imag¬ 
ine  what  would. 

CardSystems’  Perry  expressed 
surprise  at  Visa’s  actions.  It  seems 
he  would  rather  face  the  kind  of 
penalty  that  the  Securities  and 
Exchange  Commission  normally 
settles  for,  an  agreement  to  not  be 
bad  in  the  future.  I’m  also  sur¬ 


prised  at  Visa’s  actions  —  pleas¬ 
antly  so. 

Disclaimer: You  can’t  not  be  sur¬ 
prised  at  what  happens  at  Har¬ 
vard  —  it’s  so  large  and  diverse. 
But  the  university  has  not  ex¬ 
pressed  an  opinion  about  shred¬ 
ding  MasterCards,  so  the  above  is 
my  own. 

Bradner  is  a  consultant  with 
Harvard  University’s  University 
Information  Systems.  He  can  be 
reached  at  sob@sobcom.com. 
Charge it?

See  MasterCard's  announcement  in  keep¬ 
ing  with  CardSystems,  despite  its  securi¬ 
ty  flaws. 

DocFinder:  8236 


ITIL 

continued  from  page  27 

There  are  five  components: 
how  well  the  organization 
defines  the  process;  the  people,  roles 
and  skills  that  deliver  and  support  it; 
how  well  you  can  measure  it  or  commu¬ 
nicate  the  outcome  of  that  process;  how 


well  it’s  integrated  to  the  vari¬ 
ous  other  processes;  and 
then  how  well  automated 
that  process  is. 


What  is  a  good  place  to  start  with  ITIL? 

A  good  configuration  management 
process,  because  it  forms  an  underpin¬ 
ning  for  other  processes.  It  will  help  IT 


Cisco  nabs  software  firm 


BY  JAMES  NICCOLAI,  IDG  NEWS  SERVICE 

Cisco  last  week  announced  it  has 
agreed  to  acquire  Sheer  Networks,  which 
makes  software  designed  to  help  service 
providers  and  large  corporations  manage 
complex  networks. 

Cisco  will  pay  approximately  $97  million 
in  cash  and  assumed  options  for  the  pri¬ 
vately  held  company.  The  price  might 
increase  by  up  to  $25  million  if  Sheer 
reaches  certain  development  and  prod¬ 
uct  milestones,  Cisco  says. 

Sheer  makes  a  product  called  Sheer 
DNA,  or  Dynamic  Network  Abstraction, 
which  creates  a  real-time,  virtual  represen¬ 
tation  of  an  actual  network.  This  is  sup¬ 
posed  to  make  it  easier  to  manage  net¬ 
works  that  include  multiple  domains  and 
equipment  from  various  vendors. 

The  acquisition  will  flesh  out  Cisco’s 
network  management  offerings  for  ser¬ 
vice  providers  and  large  businesses,  Cisco 
says.  It  plans  to  build  on  Sheer’s  technolo¬ 
gy  to  develop  device,  network  and  service- 
level  management  applications  that  work 


Big  spender 


Cisco's  acquisition  of  Sheer  Networks 
marks  its  ninth  deal  this  year.  Here  is 
a  sampling  of  its  latest  deals: 


Acquired company      Business focus         Month announced
Sheer Networks        Network management     July
Kiss Technology       Home networking        July
NetSift               Security               June
M.I. Secure           Security               June
FineGround Networks   Network acceleration   May
Vihana                ASICs                  May

with  multi-vendor  networks,  Cisco  says. 

Sheer’s  staff  will  become  part  of  Cisco’s 
Network  Management  Technology  Group. 
The  company  was  founded  in  1999  and 
has  100  employees  in  San  Jose  and  in 
Petach  Tikva,  Israel.  ■ 


departments  understand  what  services 
they  are  providing  to  the  organization. 
Then incident and problem management become high priorities. Then the
change  management  process  becomes 
another  key  area:  now  they  want  to 
manage  that  configuration,  and  audit 
and  control  how  it  changes.  Because  of 
some  of  the  other  compliance  require¬ 
ments  that  have  come  into  organiza¬ 
tions,  IT  departments  are  having  to  man¬ 
age  the  systems  and  illustrate  when 
there  are  changes  to  the  configurations 
or  to  the  systems  that  support  financial 
systems,  for  example.  Because  systems 
are  being  used  to  support  those  func¬ 
tions,  they  are  having  to  be  audited  as 
well  with  a  more  stringent  change  and 
configuration  process. 

How  should  IT  departments  install  a  configu¬ 
ration  management  database? 

Anyone  who  really  embarks  on  a  single 
configuration  repository  is  being  set  up 
for  failure.  Even  if  parts  succeed,  it’s  a 
very lengthy process. There is data that
comes  out  of  many  systems,  developed 
prior  to  this  notion  of  a  service-oriented 
organization,  and  IT  shops  that  recognize 
this  and  leverage  existing  investments  are 
most  successful. They  seek  to  find  a 
method  with  which  to  integrate  the  data 
from  multiple  systems.  At  the  foundation 
of  ITIL  and  configuration  management  is 
the  definition  of  relationships  that  things 
have  to  one  another.  Looking  for  technol¬ 
ogy  to  help  integrate  and  bring  the 
pieces  of  data  that  are  most  relevant  out 
of  those  systems  is  really  the  most  suc¬ 
cessful  approach. 


What  are  the  most  common  obstacles  to 
implementing  ITIL? 

A  lot  of  folks  look  at  it  as  a  silver  bullet 
that  defines  specific  tasks,  such  as  “if  you 
do  this, you  will  receive  this  benefit.”  And 
it’s really not defined at that level. You
really  have  to  take  it  as  a  best  practice 
and  a  starting  point.  And  you  really  have 
to  put  it  into  context  for  your  organiza¬ 
tion. The  organization  may  be  at  various 
levels  of  maturation  so  you  would  experi¬ 
ence  varying  levels  of  benefit.  Folks  who 
take  it  as  a  silver  bullet  definition  tend  to 
stumble. The other place IT shops stumble is in thinking of it in end-to-end terms
across  the  IT  organization. You  really 
want  to  better  manage  and  get  a  better 
handle  on  those  things  that  most  impact 
your  organization. Those  that  try  to  apply 
this  level  of  management  across  the 
board  make  their  systems  more  costly 
than is probably necessary.

How  do  IT  governance  and  management 
relate? 

You  have  operational  management, 
the  day-to-day  management  of  the  oper¬ 
ational  processes,  and  the  efficiencies 
in  handling  those  silos.  And  then  over 
the  organization  are  the  governing  prin¬ 
ciples  of  how  that  organization  is  run. 
Who  has  access  or  privileges  to  data 
that  may  be  financially  sensitive,  for 
example.  It’s  difficult  to  meet  the  gov¬ 
erning  principles  if  you  don’t  have  a 
good  operational  foundation  from 
which  to  draw. Vendors  need  to  be 
aware  of  the  governing  principles;  those 
that  focus  only  on  the  operational  data 
tend  to  be  very  siloed.  ■ 


SBC/AT&T  merger:  Full  steam  ahead 


BY  DENISE  PAPPALARDO 

While  a  number  of  hurdles  remain,  SBC 
and  AT&T  are  looking  at  a  rather  smooth 
merger  process  thus  far. 

As  of  last  week,  only  seven  states  that  can 
approve  or  reject  the  $16  billion  merger 
had  yet  to  weigh  in.  Twelve  states  require 
only  formal  notification  about  such  a  merg¬ 
er,  and  a  few  such  as  Texas  do  not  require 
even  that  much. 

California,  the  latest  state  to  approve  the 
deal,  did  include  a  condition.  The  state 
asked  for  a  one-year  price  freeze  for  phone 
services  purchased  by  other  service 
providers from AT&T.

The  deal  also  has  received  approvals  from 
Australia,  Austria,  Estonia,  Germany,  Israel, 
Norway, Pakistan, Russia and South Africa.

SBC  says  the  merger  does  not  require 
European  Union  approval,  even  though 
AT&T  is  a  sizable  telecom  service  provider 
throughout  Europe.  A  formula  based  on 
revenue  generated  in  each  country  deter¬ 
mines  whether  approvals  are  required, 
SBC  says,  and  SBC  does  not  meet  those 
thresholds. 

AT&T  shareholders  approved  the  merger 
in  June,  with  98%  who  voted  going  along. 
The  carrier  says  those  voters  represent 
more  than  70%  of  all  AT&T  shareholders. 

“We  remain  confident  that  the  merger  will 
close  in  a  timely  manner  in  line  with  previ¬ 
ous  projections,”  AT&T  President  and  CEO 


Short  Takes 


■  XO  Communications  last  week 
said  it  is  expanding  its  business  VoIP 
service  to  Minneapolis.  The  compa¬ 
ny's  XOptions  Flex  service  combines 
unlimited  local  and  long-distance  call¬ 
ing,  dedicated  Internet  access  up  to 
3M  bit/sec,  and  Web  hosting  for  a  flat 
monthly  price.  In  addition  to  unlimited 
calling,  the  service  supports  dynamic 
bandwidth  allocation,  voice  virtual  pri¬ 
vate  networking,  and  an  administra¬ 
tive  Web  portal.  XOptions  Flex  is  avail¬ 
able  in  46  other  metropolitan  areas  in 
the  U.S.  XO  says  it  has  signed  up 
1,000  customers  since  rolling  out  the 
service  three  months  ago. 


David  Dorman  said  last  week. 

Officials  from  both  companies  have  been 
saying  the  merger  will  close  toward  year- 
end  or  in  early  2006. 

“We  now  have  cleared  regulatory  hurdles 
with  two-thirds  of  the  states  and  foreign  gov¬ 
ernments,  and  we  expect  additional 
approvals  in  the  weeks  ahead,”  Dorman 
said  at  a  second-quarter  earnings  press 
conference.  “We  continue  to  work  closely 
with  both  the  FCC  and  [the  Department  of 
Justice]  to  address  their  questions  and  gain 
all  other  regulatory  approvals  as  quickly  as 
possible.” 

SBC  echoes  Dorman’s  enthusiasm. 

“We  are  extremely  pleased  at  the  pace 
and  progress  of  merger  proceedings.  We 
remain  confident  of  completing  the 
process  late  this  year"  says  Wayne  Watts, 
associate  general  counsel  at  SBC. 

While  state  and  foreign  approvals  have 
been  coming  through  relatively  easily  the 


It’s  been  more  than  10  years  since  the 
development  of  IPv6,  yet  it’s  had  virtually 
zero  adoption  among  U.S.  enterprise  cus¬ 
tomers  and  service  providers,  even  though 
the  U.S.  Office  of  Management  and  Budget 
recently  announced  it  intends  to  require 
support  across  government  agencies  for 
IPv6  by  2008. 

Are  network  managers  and  service  pro¬ 
viders  sticks-in-the-mud  who  refuse  to  get 
with  next-generation  technology? 

Not  at  all.  The  dirty  little  secret  behind 
IPv6  is  that  although  it’s  touted  as  “next-gen¬ 
eration”  IP  purportedly  increasing  security 
and  QoS,  in  reality  it  adds  little  to  existing  IP 
specs.  The  security  and  QoS  capabilities 
built  into  IPv6  are  virtually  identical  to 
those  added  over  the  years  to  IPv4. 

All  that  IPv6  really  does  is  increase  the 
number  of  directly  addressable  Internet 
endpoints  (to  about  340  trillion  addresses). 
This  is  potentially  useful,  particularly  in  a 
world  in  which  every  individual  soda  can, 
let  alone  every  vending  machine,  might 
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FCC  and  Justice  Department  approvals 
could  include  more  conditions.  In  areas 
where  both  companies  own  local  infra¬ 
structure  the  federal  agencies  will  likely  re¬ 
quire  the  divestiture  of  assets,  says  Lisa 
Pierce  a  vice  president  at  Forrester  Re¬ 
search.  “Verizon  and  MCI  will  have  similar 


conceivably  need  an  IP  address. 

However,  this  feature  isn’t  exactly  free. 
Quadrupling  the  address  space  dramatical¬ 
ly  increases  the  bandwidth  required  to 
transport  each  packet.  Sending  a  64-byte 
message,  for  instance,  requires  250%  more 
bandwidth  in  IPv6  than  in  IPv4. 

Obviously  the  overhead  increase  is  great¬ 
est  for  small  packets,  which  make  up  a 
minority  of  the  data  transferred  across 
today’s  Internet.  But  it’s  still  a  non-negligible 
issue  given  that  one  of  the  imagined  drivers 
for  IPv6  is  the  notion  of  vast  networks  of 
tiny  sensors  at  the  end  of  presumably  very- 
low-bandwidth  links. 

There’s  the  issue  of  the  appropriate  next- 
generation  routing  architecture.  Most  folks 
assume  the  IPv6  routing  will  be  a  simple 
“scaling  up”  of  today’s  routing  architec¬ 
tures,  but  some  point  out  that  the  next-gen¬ 
eration  Internet  will  require  next-genera¬ 
tion  routing.  And  that  routing  has  yet  to  be 
envisioned,  let  alone  implemented. 

Finally  there’s  the  real  question  of  why  a 
network  manager  would  want  directly 
addressable  endpoints.  Most  companies 
run  firewalls  with  network  address  transla¬ 
tion  (NAT)  precisely  to  cloak  their  end¬ 
points  from  the  Internet.  Moreover,  using 
NATs  dramatically  increases  the  number  of 


stipulations,”  she  adds. 

But  so  far,  no  approval  stipulations  have 
been  made  public  by  either  agency. 

Pierce  also  points  out  that  the  Justice 
Department  still  does  not  have  an  assistant 
attorney  general  for  its  antitrust  division.  In 
June,  Thomas  Barnett  became  the  acting 
head  of  the  antitrust  division.  “I  don’t  see 
how  something  of  this  magnitude  could  get 
through  without  a  permanent  appoint¬ 
ment,”  Pierce  says. 

Not  everyone  is  thrilled  with  the  pending 
mergers  between  SBC  and  AT&T,  and  Veri¬ 
zon  and  MCI.  The  Consumer  Union,  Con¬ 
sumer  Federation  of  America,  U.S.  Public 
Interest  Research  Group  and  the  National 
Association  of  State  Utility  Consumer  Advo¬ 
cates  all  have  submitted  comments  to  the 
FCC  urging  the  agency  to  reject  the  merg¬ 
ers.  These  groups  believe  the  mergers  will 
decrease  competition  and  ultimately  result 
in  higher  telecom  costs  for  consumers.  ■ 


addresses  available  to  networks  behind  the 
NAT  device,  which  eliminates  the  one  clear 
driver  for  IPv6. 

Where  does  the  momentum  behind  IPv6 
come  from?  Two  places:  First,  large  organi¬ 
zations  and  service  providers  outside  the 
U.S.  have  been  forced  by  a  lack  of  address¬ 
es  to  adopt  IPv6  (when  IP  addresses  were 
originally  allocated,  these  folks  got  too 
few). Second, as  noted,  the  U.S.  government 
has  mandated  its  use. 

It  remains  to  be  seen  how  rapidly  the 
deployment  will  take  off.  Government  man¬ 
dates  have  a  mixed  track  record  in  driving 
civilian  technology  deployment  (anybody 
remember  GOSIP?  How  about  ISDN?).  And 
it’s  clear  from  the  government’s  announce¬ 
ment  that  they  have  a  limited  understand¬ 
ing  of  how  difficult  the  transition  is  likely  to 
be,  which  means  the  time  frame  is  likely  to 
be  extended  well  beyond  2008. 

At  some  point,  IPv6  support  may  be 
required  to  connect  with  non-U.S.  service 
providers  and  government  offices.  But  until 
that  happens,  no  need  to  switch. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


IPv6:  Time’s  still  not  right 
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TECHNOLOGY  UPDATE 

■  AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 


ICE  helps  VoIP  traverse  firewalls 


HOW  IT  WORKS:  ICE 

The  Interactive  Connectivity  Establishment  is  designed  to  let  VoIP  traffic 
traverse  network  address  translation  firewalls.  ICE  defines  a  standard  way  for 
clients  to  determine  a  set  of  addresses  with  which  they  can  communicate. 


1. Initiator collects all sets of IP addresses on which it can receive traffic from Simple Traversal of UDP through NAT (STUN) and Traversal Using Relay NAT (TURN) servers.

2. Initiator sends list of addresses to STUN server, then sends initiate message to responder with a preference-order list of addresses for communication between nodes.

3. Responder sends a STUN request to each address provided in the initiate message.

4. Initiator sends STUN reply messages back to responder for each request received.

5. Responder receives STUN replies. The messages indicate the addresses by which the initiator and responder can communicate.

6. The address with the highest preference is used for further communication between the devices.


BY  MICHAEL  WARD 

One of the biggest benefits of VoIP is the ability to supply remote workers with cost-effective telecom access anywhere a broadband connection exists. But ensuring VoIP connectivity often proves challenging because of the number and variety of network address translation firewalls that might exist between a user and a corporate network.

A number of solutions have been proposed to allow SIP-based VoIP calls to cross firewalls, but each class of NAT firewall requires a different technique. To further complicate matters, the various NAT traversal solutions proposed address only one class of NAT device — as an example, the Simple Traversal of UDP through NAT (STUN) technique will not work with symmetric NATs, which are most often deployed in enterprise environments.

The Interactive Connectivity Establishment (ICE) draft, developed by the IETF’s MMUSIC working group, provides a framework to unify the various NAT traversal techniques. This enables SIP-based VoIP clients to successfully traverse the variety of firewalls that may exist between a remote user and a network.

ICE defines a standardized method for SIP-enabled clients (or clients based on other multimedia session protocols) to determine what type of NAT firewall(s) exist between clients and determine a set of IP addresses by which clients can establish contact. Using a number of protocols and network connectivity mechanisms, such as STUN, Traversal Using Relay NAT (TURN) and Realm Specific IP (RSIP), ICE learns about the network topology in which the clients exist and the various sets of network addresses by which these devices can communicate.

When an ICE-enabled client (the initiator) wishes to communicate with another device (the responder), it first collects as many sets of IP addresses as possible from sources such as STUN, TURN, RSIP and locally configured addresses that can provide information on addresses where the client can receive IP traffic. A key benefit that ICE provides is the ability to unify the information provided by these various sources of IP address information to create as many paths as possible by which the endpoints can be reached.

At this point, the initiator client passes this set of addresses to a STUN server and sends an initiate message to the desired responder client. This message contains all the address combinations where the initiator client has learned it can be reached via the earlier discovery process.

When the responder client receives the initiate message, it sends a set of STUN requests back to the initiator for each of these addresses. Typically, at least one STUN request from the responder will reach the initiator because of the network topology and the type of NAT firewall(s) that exist along the path. As the initiator receives these STUN requests, it replies to each in turn. The STUN responses that traverse back to the responder then indicate which addresses the devices can use to communicate. The address with the highest order of preference in the original initiate message is used for further communication between the devices.

By building on a variety of NAT traversal protocols and providing a unifying framework, ICE benefits from the collective functionality of each while avoiding any one protocol’s drawback. As such, ICE enables connectivity between devices interconnected through unknown network topologies, and removes the need for manual configuration or creating potential security hazards by manually opening firewalls for VoIP-related traffic.

Ward is director of product line management for Trinity Convergence. He can be reached at mward@trinityconvergence.com.
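
The exchange described in this article, modelled as an added Python example (not code from the article, the ICE draft or any product). It assumes two simplified NAT behaviours, a preference order of local address over STUN-derived address over TURN relay, and constructed addresses from documentation ranges.

```python
"""Toy model of the ICE exchange: gather candidates, probe each, keep the best."""
import ipaddress
from dataclasses import dataclass, field

# Constructed sample addresses (documentation/private ranges), not from the article.
LAN = ipaddress.ip_network("10.0.0.0/24")
INITIATOR = ("10.0.0.5", 5060)
NAT_PUBLIC_IP = "192.0.2.1"
STUN_SERVER = ("198.51.100.10", 3478)
TURN_RELAY = ("198.51.100.20", 49152)
REMOTE_RESPONDER = ("203.0.113.7", 5060)
LOCAL_RESPONDER = ("10.0.0.9", 5060)


@dataclass
class Nat:
    """Simplified NAT. 'full_cone' keeps one mapping per internal socket and
    accepts traffic from any source; 'symmetric' keeps one mapping per
    destination and accepts traffic only from that destination."""
    kind: str
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)  # (internal, dest|None) -> port

    def outbound(self, internal, dest):
        """Create (or reuse) a mapping and return the external address seen by dest."""
        key = (internal, dest if self.kind == "symmetric" else None)
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        return (NAT_PUBLIC_IP, self.mappings[key])

    def inbound_allowed(self, external, source):
        """True if a packet from source to the external port is let through."""
        return any(
            port == external[1] and dest in (None, source)
            for (_internal, dest), port in self.mappings.items()
        )


@dataclass(frozen=True)
class Candidate:
    kind: str         # "host", "stun" or "turn"
    addr: tuple
    preference: int   # assumed ordering: higher is preferred


def gather(nat):
    """Step 1: collect the addresses on which the initiator can receive."""
    return [
        Candidate("host", INITIATOR, 3),
        Candidate("stun", nat.outbound(INITIATOR, STUN_SERVER), 2),
        Candidate("turn", TURN_RELAY, 1),
    ]


def request_arrives(nat, cand, responder):
    """Steps 3-5: does the responder's STUN request reach the initiator?"""
    if cand.kind == "host":
        # A private address is only reachable from the same LAN.
        return ipaddress.ip_address(responder[0]) in LAN
    if cand.kind == "stun":
        # The mapping was created toward the STUN server, not the responder.
        return nat.inbound_allowed(cand.addr, responder)
    # The relay accepts the packet and forwards it over the session the
    # initiator itself opened outbound, so the NAT does not block it.
    return True


def negotiate(nat_kind, responder=REMOTE_RESPONDER):
    """Run the whole exchange and return the selected candidate (or None)."""
    nat = Nat(nat_kind)
    offer = sorted(gather(nat), key=lambda c: c.preference, reverse=True)  # step 2
    usable = [c for c in offer if request_arrives(nat, c, responder)]
    return usable[0] if usable else None                                   # step 6


if __name__ == "__main__":
    for kind in ("full_cone", "symmetric"):
        print(kind, "->", negotiate(kind))
    print("same LAN ->", negotiate("symmetric", LOCAL_RESPONDER))
```

With the symmetric NAT the STUN-derived address is offered but never answers, so the relay is what keeps the call working without a firewall port being opened by hand.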


I’ve heard a lot about high-speed wireless data services called EV-DO. What is that?

EV-DO stands for Evolution Data Optimized (or Data Only). It is a third-generation Code Division Multiple Access (CDMA) cellular data protocol that can offer broadband wireless connectivity with speeds up to 2M bit/sec. Verizon, Sprint and some regional providers are offering EV-DO services in the U.S. for approximately $80 per month.

Using an EV-DO-capable phone or PC card and a laptop, users can connect to the Internet at reasonably high speeds from anywhere they can get a cell phone signal. When EV-DO service coverage is unavailable, the system falls back to the CDMA 1xRTT (Radio Transmission Technology), which features a maximum bandwidth capability of 144K bit/sec.

Even 1xRTT connections are often twice as fast as dial-up. EV-DO connections deliver DSL speeds to mobile devices, and are available or becoming available in and around airports and business centers in most metropolitan areas. Verizon started its rollout first, but Sprint is making a big push to expand coverage widely during the rest of this year. Both carriers say they plan to provision their entire network coverage areas for EV-DO.

The www.evdoinfo.com Web site is a good source for more EV-DO news and coverage maps.

Blass is a network architect at Change@Work in Houston. He can be reached at dr.internet@changeatwork.com.


More syncing and a back-up solution


This week we have a potpourri of products, a melange of mechanisms, an assortment of accessories. First is a follow-up to last week’s column on synching PC data using a product called FolderShare. We just took a look at another system that provides a similar service: BeInSync.

BeInSync is in many ways similar to last week’s product: It uses a central server to manage the authorization and coordination of connections between machines to be synchronized and peer-to-peer technology to mediate data transfers.

However, unlike FolderShare, BeInSync works only with Windows 2000 SP3+ or XP. Even so, it has one feature that is compelling for Microsoft Outlook users: It will synchronize your Outlook contacts, in-box and sent mail folders (but unfortunately not calendar or notes items), as well as your Internet Explorer favorites.

In the current release of BeInSync (Version 1.5) synchronization is only done at file level; the next release is planned to include support for block-level synchronization.

In our brief testing we found BeInSync to be very easy to set up and fast in operation. Our only complaint is that the user interface is unattractive and cluttered.

There are two editions of BeInSync: the basic version, which supports five shared folders and 10 files synched per day; and the pro version, which supports 15 shared folders and unlimited file syncs, automatic operation and secure remote browser access to files on your PC for $60 per year or $100 for two years.

New from Iomega

Our other topic this week is Iomega’s new Rev 35 drive. You’ll remember Iomega for its ZIP drives, which were a huge force in exchangeable storage until writeable CD and DVD technology came to dominate the market.

Well, Iomega is back with an updated version of exchangeable storage: The Iomega Rev 35 drive. Where the zip drive was a floppy on steroids, the Rev drive is a re-think of hard-disk technology. The Rev 35 is available for Macintosh and PC with USB 2.0/1.1, Firewire and SCSI interfaces for external devices; and serial ATA, ATAPI and SCSI for internal enclosures. There’s also an external SCSI-interfaced auto-changer with bar code scanner.

Each Rev 35 cartridge is a 2.5-inch hard-disk platter that stores 35G bytes (90G bytes compressed) housed in a plastic shell. That works out to about $1.42 per gigabyte, roughly twice the price per gigabyte of conventional hard-disk drives and about seven times the cost per gigabyte of tape. But Rev 35 cartridges are more robust in daily use than tapes, CDs or DVDs, and they have a theoretical shelf life of around 30 years.

The Rev 35 drive is bundled with Iomega’s Automatic Backup Pro software, a desktop back-up solution that performs scheduled or continuous backups to Rev 35 drives, as well as network locations; supports media rotation; can restore an entire system or specific files, or do a point-in-time restore; and includes password protection and AES-based encryption.

The Rev 35’s performance depends on what is being backed up. For lots of small files its performance is as good or slightly better than tape, while for large files it operates about half as well as an average Integrated Drive Electronics (IDE) drive.

Pricing starts at $400 for a USB Rev 35 drive and software with one cartridge. Despite its higher storage cost, relative newness in the market, and the fact that it is a proprietary system, the convenience and robustness of the device and its media make the Rev 35 drive an appealing back-up solution for small offices.

Back up your comments to gearhead@gibbs.com. And check Gearblog at www.networkworld.com/weblogs/gearblog/ for links for this column.


The scoop: i836 phone, by Motorola with Nextel service, about $150 (after rebates and service plan agreement).

What it is: The i836 is a cell phone packed with business-related features and applications, such as a speakerphone, Nextel’s Direct Connect walkie-talkie two-way calling service and voice recorder. The phone also supports Nextel’s new Group Connect service, which lets users talk to up to 20 other Nextel users nationwide at the touch of a button. The clamshell-style phone has a sleek design and color — no bright color faceplates; it’s all about the executive gray. Other features include a contact address book with space for up to 600 names, a 65,000-color internal display, Multimedia Messaging Service support, GPS support and voice-activated dialing.

Why it’s cool: The i836 includes an angular design and lines that were “inspired by an Italian race car,” which gives the phone some curves that feel good in your hand. In addition, the slick colors make it stand out from the crowd. At 3.6 ounces, it won’t weigh you down when you throw it in your pocket. Those looking for a cell phone with lots of today’s features (except for a camera, which the unit doesn’t have) should be pleased.

Some caveats: Interestingly, as a regular mobile phone, the i836 fell short. On several occasions in New York, our calls dropped or had so much static that the person on the other end couldn’t tell whether or not we were still on the line. Battery life was unimpressive — we were drained after only one day of regular usage (a few phone calls, then remaining on awaiting other calls). Navigating around the menus took some practice — more practice than we’d like with our cell phones. We’re still not completely sure we know how to do everything with the phone.

Grade: (out of five)


Motorola's i836 phone means business with added features.


The scoop: Disc Stakka CD & DVD Manager, by Imation, about $150.

What it is: The Disc Stakka is a hardware device that can store up to 100 circular disks (such as audio CD, CD-ROM and DVD) in a carousel. The device connects via USB to a PC to enable the included OpdiTracker database software. Using the software’s search function, users can type in keywords or search for specific file or folder names on a disk, and the Disc Stakka will spin its carousel and pop out the correct disk. If you want to store more than 100 disks, you can stack up to four additional Disc Stakkas, and with a USB hub you can eventually store up to 50,000 disks, Imation says.

Why it’s cool: Initially, this appears as a solution searching for a problem, as manually storing a bunch of disks isn’t really much of a problem that you need to address with such a large device. The cool part occurred when we started inserting our CDs and DVDs into our PC’s disk drive (there’s no drive on the Disc Stakka), and the OpdiTracker software automatically scanned the disk and recorded its file and folder name. Once in the database, we could eject the disk from our regular CD/DVD drive and store it in the Disc Stakka.

Some caveats: Adding additional content to the database for each disk is still a manual process (anything beyond disk name and file names). For example, for DVDs you may want to add keywords such as actors, directors or plot to the database entry. The device takes up a big chunk of desktop real estate, as well. The manual process of retrieving the disk and then placing it into our PC’s disk drive also bothered us. A device that combines an external CD/DVD optical drive within the storage carousel and database software would really turn our heads.

Grade:

Shaw can be reached at kshaw@nww.com.


The Disc Stakka allows users to search for a disk by typing in keywords.


Productivity enhancers or security risks? Two industry insiders debate the issues.


Should firms strictly control employee use of mobile devices?


Yes

Mark Lowenstein

Mobile Ecosystem

Companies have done a pretty good job of addressing the most pressing near-term wireless security issues, which are mainly at the network and authentication levels. They’ve paid a premium for BlackBerry’s Triple-DES and Fort Knox-like network operations center. For remote access, most firms use VPN tunnels, which are migrating from SSL- to IPSec-based. Companies also are getting a better handle on wireless LAN security. That’s the good news. The bad news is that few firms have taken a holistic look at implementing a more comprehensive company mobile security strategy.

IT managers will have to evolve their mentality over the next couple of years, driven by two major developments: the rise of mobile devices as potential hosts/perpetrators of security problems or threats, and the fact that firms don’t have a good handle on how their workers use these phones for consumer applications, such as downloading music and playing games. “Platform phones” (containing an open operating system, based on Palm, Microsoft, Symbian or Linux) and higher-end phones (equipped with cameras, music players, removable storage and so forth) are essentially mini-PCs and will comprise more than a third of the company-installed base by 2008. Think about the sensitive data that’s on the average BlackBerry or Treo. Or about how a virus might be spread via Bluetooth.

So what, specifically, should you do? I recommend the following steps:

• Start thinking about mobile device management. Focus on protecting any device that is considered a company asset or contains potentially sensitive data or content.

• Develop mobile policies. Think about how you should manage employees’ personal use of their mobile devices. Are you prepared to pay for picture sharing or game downloads? What about access to inappropriate content?

• Start thinking about anti-spam and anti-virus capabilities. Operators have done a pretty good job of blocking most Short Message Service spam, but the onus will increasingly spread to the company with the broadening of message quantity and type. Also, device-based virus protection will become a necessity for any operating system-based phone in the next 12 to 18 months.

• Develop a key point of contact at the carrier. Find out whom to contact, at least as an initial triage point, should a mobile security breach or loss of data occur.

I’m not recommending that companies panic or significantly increase their spending on mobile security solutions. However, security is a broader problem than many firms believe and should be considered more horizontally across the spectrum of wireless applications, devices and usage scenarios. As wireless becomes a mainstream component of non-voice applications, it will have to be brought into the broader corporate IT security framework.

Lowenstein is managing director of Mobile Ecosystem. He can be reached at mlowenstein@m-ecosystem.com. To subscribe to his free monthly newsletter, the “Lens on Wireless,” go to www.m-ecosystem.com.


No

Lucy McQuilken

Intel Capital

Corporations have legitimate concerns about the latest class of products to connect to the corporate network. Employees are finding more ingenious ways to use devices such as smart phones and PDAs to stay connected, access important data and communicate more effectively. This data access is expensive and typically happening outside the IT security perimeter.

I argue, however, that corporations trying to place excessive control over these devices and the applications that run on them will miss out on significant productivity increases that will accrue to the bottom line.

To gain some perspective, it is helpful to look at an analogous technology: Internet browsers. In the early 1990s, Internet browsers were just gaining widespread adoption. The company where I worked was very concerned about loss of employee productivity and enacted rules to limit employee Web use. On the contrary, what occurred was one of the greatest productivity increases in corporate history. Salespeople could print out maps and find directions to customer sites on MapQuest, marketing people could do research on potential competitors using Google, human resources departments could find potential employees on LinkedIn, and manufacturing employees could buy and sell used oscilloscopes on eBay. The point is that corporations aren’t very good at predicting what benefits will come from new technology, but people will gravitate toward things that help them do their job more effectively.

Smart phones and PDAs pose a similar challenge. On the one hand, they represent expensive, unmanaged devices accessing the corporate network, posing unanticipated security threats. On the other hand, just like the browser, they could generate the next big wave of productivity. I believe the latter — and just as we learned from the browser experience — I believe the best approach is to leave it to employees to figure out.

People are ingenious about their own productivity. They will find the best devices and applications, use them in unanticipated ways and spread the word. Of course, there will be the occasional time-waster along the way — think ring tones — but I’ll argue that even downloading a ring tone teaches people how to use the technology and will equip them to download things that will make them more productive. As for security, the more diverse the device set, the more operating systems involved, and the more differentiated the applications, the harder it will be for viruses to spread and networks to be hacked. The money you spend and the experimentation you allow will affect your company in ways you can’t anticipate. Trust your people to innovate and let them experiment. In the end, they’ll figure it out for you.

McQuilken is an investment manager at Intel Capital, responsible for investments in early-stage technology companies in the Boston area. McQuilken is co-founder and former CEO of the mobile entertainment company, Groove Mobile (formerly Chaoticom). She can be reached at lucy.mcquilken@intel.com.


Have your say

What's your opinion? Log on to NetworkWorld.com and let us know. Face-off authors Mark Lowenstein and Lucy McQuilken will respond to your comments.


Opinions


John  Dix 

Privacy  bill  calls 
for  sweeping  reform 

In  response  to  a  string  of  prominent  data  privacy  gaffes 
this  past  spring,  Congress  just  proposed  legislation  that 
will  have  broad  IT  implications  for  many  companies. 

The  Personal  Data  Privacy  and  Security  Act  of  2005,  cospon¬ 
sored  by  senators  Patrick  Leahy  (D-Vt.)  and  Arlen  Specter  (R- 
Pa.)  is  a  91-page  bill  designed  “to  prevent  and  mitigate  identi¬ 
ty  theft;  to  ensure  privacy;  and  to  enhance  criminal  penalties, 
law  enforcement  assistance,  and  other  protections.” 

For  network  executives,  the  important  stuff  is  in  the  section 
on  Privacy  and  Security  of  Personally  Identifiable  Informa¬ 
tion  (pages  37  to  63,  see  www.networkworld.com,  DocFinder: 
8240),  which  spells  out  who  must  comply  and  what  they 
must  do. 

The  bill  applies  to  any  business  “engaging  in  interstate  com¬ 
merce  that  involves  collecting,  accessing,  transmitting,  using, 
storing,  or  disposing  of  personally  identifiable  information  in 
electronic  or  digital  form  on  10,000  or  more  U.S.  persons.”  It 
does  not,  however,  apply  to  organizations  subjected  to  the 
Gramm-Leach-Bliley  Act  or  Health  Insurance  Portability  and 
Accountability  Act  (HIPAA). 

Companies that fit the profile have to “implement a comprehensive personal data privacy and security program ... that includes administrative, technical, and physical safeguards.”

The bill roughly identifies core technical areas that need to be addressed: “Each business entity shall ... control access to systems and facilities containing personally identifiable information, including controls to authenticate and permit access only to authorized individuals; detect actual and attempted fraudulent, unlawful, or unauthorized access ...; [and] protect personally identifiable information during use, transmission, storage, and disposal by encryption or other reasonable means.”

What’s  more,  the  bill  will  require  companies  to  do  regular 
vulnerability  testing,  the  frequency  and  nature  of  which 
would  be  determined  by  risk  assessments  that  are  also 
required  by  the  bill. 

Penalties  for  violations  can  be  stiff  —  $5,000  per  violation, 
per  day,  and  up  to  $35,000  more  per  day  if  the  conditions 
persist  —  and  companies  in  violation  are  also  open  to  civil 
actions  that  could  lead  to  punitive  damages. 

Failure to notify affected individuals and the authorities (the Secret Service and the attorney general in each state affected by a breach) carries even tougher fines: $5,000 to $55,000 per day.

While not as far reaching as Gramm-Leach-Bliley or HIPAA, the bill as proposed will have similar consequences, requiring organizations that fit the mold to jump through hoops to comply. As painful and expensive as that may be, it is required medicine for the industry. The breaches have been too catastrophic.

—  John  Dix 
Editor  in  chief 
jdix@nww.com 


Competing  for  jobs 

Regarding Linda Musthaler’s column, “Get used to competing for jobs” (www.networkworld.com, DocFinder: 8225): In response to a recent Stanford graduate’s statement that he took a consulting job in order to be “inject[ed] into companies at a higher level,” Musthaler asks, “Whatever happened to starting at the bottom and working your way up?”

Musthaler answers this question herself when she states: “The majority of the jobs haven’t so much disappeared as moved overseas to places such as India, China and Malaysia.”

When you come out of an institution of higher learning, you had better come equipped to jump into a company at a higher level because the lower-level jobs are going overseas. IT management and project management skills currently are of greater value in corporate America.

Just because we may have had a career path that started with a particular job level and worked through the ranks does not mean that is the appropriate path for young graduates today who must compete for the jobs likely to remain in this country.

Bob  O’Connor 
Enterprise  systems  architect 
Pennsylvania  State  University 
University  Park,  Pa. 

In  May  I  graduated  from  college  with  a  major  in 
information  systems  and  minor  in  business.  I  agree 
with  Linda  Musthaler’s  point  regarding  how  many 
students  in  the  U.S.  think  a  job  will  fall  into  their 
hands.  Many  of  my  college  peers  didn’t  look  for  an 
internship  or  part-time  job  where  they  could  gain 
experience  in  their  chosen  field.  Those  who  even 
bothered  to  work  while  in  college  often  ended  up 
going  for  jobs  not  related  to  their  major  because  of 
the  pay  or  ease  in  scheduling. 


I got my first IT-related internship when I was 16 during a summer vacation. The pay wasn’t great, but at least I got some experience. While I was still in high school, I got a part-time job in a major local hospital’s MIS department, where I volunteered one summer. I stuck with that job until I was a junior in college.

Eventually I had a summer internship involving Web development. Since that was a flexible position, I was able to pick up another internship that summer, which was related to computer hardware. That ended up being a part-time job for me while I was finishing up my senior year in college.

Looking back, I am grateful for those opportunities, which allowed me to gain experience in various areas of IT. Once I was approaching graduation and was looking for a full-time job, I did not face as many problems as my peers have.

I agree that finding a job nowadays is all about competition, and no one should expect that they will land their dream job right after graduating from college, especially if they have no real-world experience. Many colleges don’t emphasize hands-on experience as much as they should.

Samir  Kadoo 
Baltimore 

OK, American programmers are bad, and foreign programmers are good. Large employers treat U.S. programmers poorly and threaten to send jobs overseas, then are surprised when we have a poor outlook and no loyalty.

We  may  be  lots  of  things,  but  we’re  not  stupid. 
Please  give  us  all  a  break. 

John  Russo 
North  Haven,  Conn. 

E-mail letters to jdix@nww.com or send them to John Dix, editor in chief, Network World, 118 Turnpike Road, Southborough, MA 01772. Please include phone number and address for verification.
Out of the crossfire, into deployment


As an analyst, I often feel most validated when groups on both sides of an issue are equally upset about a presentation I’ve given. When in the past both Microsoft and Liberty Alliance complained about my positions on federated identity, I’ve taken the crossfire as proof that my point of view was balanced.

This year, however, Microsoft liked my presentation at Burton Group’s Catalyst Conference, and Liberty Alliance seemed happy enough, as well. All the positive feedback had me wondering: What gives?

Something has changed for the better in the industry. In my speech I said, “The glass of identity interoperability is three-quarters full.” Last year, a similar slide read “half full.”

The difference today is that the interoperability of vendor products has exceeded anyone’s expectations. This spring, when planning a multivendor and multi-protocol federation demo for Catalyst, I thought we would be lucky to find a few vendors with multi-protocol hubs to coordinate.

But in the actual demo, 14 identity-management vendors interoperated through multi-protocol hubs; translation and hybrid scenarios involved browsers and Web services. They simulated an “automotive value chain,” where dealers and manufacturers use different federation protocols, showing interoperability between Liberty Alliance, Shibboleth, multiple versions of Security Assertion Markup Language (SAML), WS-Federation Passive Profile, WS-Security and the WS-Trust specification, which defines a Security Token Service. The last three are part of the WS family of protocols Microsoft and IBM are developing.

In addition, Microsoft, IBM and partners announced their commitment to contribute WS-Trust, WS-SecurityPolicy and WS-SecureConversation to the Organization for the Advancement of Structured Information Standards (OASIS) in September. This long-awaited move and the successful interoperability demo signify that, for the most part, vendors have moved past arguing about the standards and on to implementing them.

With the standards wars winding down at last, some loose ends remain. Microsoft should still develop full OASIS SAML browser profile support. Liberty Alliance should begin converging some of its advanced work with the WS specifications now going to OASIS. WS-Policy and other specifications from Microsoft and IBM’s vendor group should also go to OASIS or another standards body soon.


However, technical interoperability is only half the battle. Business interoperability — establishing relationships of trust between disparate business units or business partners — is the bigger problem. Companies still lack standards for business rules, and audit and accreditation mechanisms.

Still, customers should be encouraged by the improved technical interoperability climate. Include federated identity in the enterprise identity-management architecture and consider how to leverage it to solve identity problems today. Specify SAML 2.0 for browser federation needs and WS-Security for Web services security. Consider WS-Trust security token services for more complex interoperability scenarios.

When running a federation project, users (unlike analysts) don’t want to get caught in the crossfire. Keep the trust fabric simple, working with current partners first and turning to industry trust frameworks (such as the Federal E-Authentication Initiative) for broader deployments. Perform risk analysis, protect user privacy and involve stakeholders, such as application owners and general counsel, early in the process.

Blum is senior vice president and research director with Burton Group, an integrated research, consulting and advisory service. He can be reached at danjblum@yahoo.com.
No room for complacency in net mgmt


Managing a data network in 2005 is much simpler than in 1995 or even 1985. The tools are more intelligent, and the information available is more accurate and complete. But network managers have let this sophistication cloud over a fundamental trait of corporate networking in 2005 — application fluidity.

In the past, network managers focused on configuration and faults, the hot points where outage problems were diagnosed and resolved. Less demanding issues, such as performance, were addressed by adding bandwidth. Applications that used the network tended to be transaction-based. Performance could be measured, and poor response time always could be blamed on the IT department rather than the network.

Applications today can be a complex mix of data, voice and video traffic, all masked by the fact that they use IP. A corporate network must accommodate real-time voice telephony, instant messaging, video teleconferencing, file transfers, storage backup/recovery and peer-to-peer interaction, in addition to the corporate core-application transaction traffic. Application additions and deletions are fluid in nature and can occur almost instantly. Applications that utilize networks are becoming increasingly intelligent, using sophisticated middleware to enable direct application-to-application communication. This fluid state can only become more volatile with the construction of applications using a service-oriented architecture (SOA) and/or grid technology.


Network performance is again on the front burner. The adage, “If it’s not broken, don’t fix it,” will no longer explain out-of-date revision levels for software in routers and switches, and delays in converting a network from IPv4 to IPv6, which may be required to accommodate new application, server, storage and user demands.

The first change that must occur is a mind-set update: Network managers must realize that performance is an issue even if a network is operating without user complaints. Next, they must evaluate and begin to use a new category of test/monitoring/management software that will allow for a readiness assessment of a network before applications are introduced. This is especially true for a VoIP application. This new type of management software is application aware and will look at a network and infrastructure components to identify problem areas before an application is deployed. VoIP is just one example. The same type of software can be used to identify off-site backup/recovery or any other application-specific network performance problems.

Finally, a change is needed in the way network performance management is handled. Performance now must be monitored and managed using a set of predetermined and agreed-upon metrics. Policy must be established and then translated into network monitoring criteria. In some cases, existing network management system tools can be used to perform monitoring tasks. In other cases, new-application intelligent software must be integrated into the management environment.

This type of software usually has four components — local agent, data gathering, analysis/report generation and repair/correction. A local agent may reside in a client, server, storage and even application software itself. An agent is the key element required to generate and monitor performance metric information, which is then gathered for real-time or future analysis. Finally, manual or autonomic actions can be taken. Today, in almost all cases, manual action is taken after a level of management approval. In the future, software itself can make changes required to meet performance expectations. With new carrier options such as dynamic bandwidth allocation and component update/upgrade technology, which promises zero downtime, a high degree of automatic performance management can be achieved in networks.

Always remember: Applications-aware management must go hand-in-hand with applications-aware networking.

Dzubeck is president of Communications Network Architects, an industry analysis firm in Washington, D.C. He can be reached at fdzubeck@commnetarch.com.
The life and times of an

McCarran International Airport in Las Vegas is launching a $125 million program to embed RFID chips in baggage tags as a way to meet post-Sept. 11 security screening mandates and to improve the accuracy of baggage handling at the airport.

McCarran, which handles more than 68,000 pieces of luggage daily, is committed to buying 100 million RFID tags over the next five years, according to Samuel Ingalls, assistant director of Aviation, Information Systems at McCarran.

This is the story of one of those chips. We’ll call its ...

Before committing to the chip design and overall project in October of 2004, McCarran put Symbol/Matrics through a several-months-long RFP process. “We had the screening requirement 9/11 and we became sure pretty early on that we wanted to move to RFID bar codes,” Ingalls says.

Designing Chippy

The design of an RFID chip depends on its intended use, says John Shoemaker, vice president of business development for transportation and aviation solutions at Symbol Technologies.

“There are different chips for different applications,” he says. “In the process of making the chip, you need to be clear on the architectural design.”

McCarran chose an architecture developed by Matrics, which was acquired by Symbol last year. Chippy will be a Class 0 UHF tag that is read-only and operates in the 900-MHz range. Ingalls says he chose this design because read-only RFID tags offer high levels of security, don’t require batteries or line of sight and can be read from up to 25 feet away. Also, the passive tags are less expensive — as little as 20 cents per tag — than their battery-powered counterparts, which can run $20 to $100 each.

Shoemaker says the gestation period for an RFID chip can be up to six months or more. “You have to do a pilot and run prototypes,” Shoemaker says. Matrics spent more than a year and millions of dollars to develop the passive UHF RFID chip and bring it to production, he says.

A chip is born

Chippy, like all of its semiconductor brethren, began its life as sand. Symbol contracts with manufacturing plants in China, Japan and Taiwan to create silicon chips. For the McCarran project, Symbol chose Taiwan Semiconductor Manufacturing Co. (TSMC), one of the largest chip makers in the world.

The  chips  use  radio  frequency  design  techniques  — 
there  is  such  intricate  circuitry  that  it’s  mind-boggling, 
Shoemaker  says. 

The circuit board chips, which are no bigger than a grain of sand, are placed on a semi-conductor wafer. Shoemaker says 30,000 to 60,000 chips are housed on each wafer, which is about 8 inches and circular. He adds that each semiconductor manufacturing plant can churn out billions of chips each week.

Once the wafers are complete, TSMC ships them to Symbol’s San Jose facility to be paired with the antenna needed for signaling. Symbol couples the antenna and the chip on a substrate inlay. The chip is applied to the inlay — which is already outfitted with a 1-ounce antenna — using an adhesive.

Chippy measures 2-by-4 inches, although other tags that require a greater read distance could be as large as 4-by-4 inches, Shoemaker says. “If you need to read a tag from more than 25 feet away, even though the tag has no battery and is reflecting a signal, you’ll need a bigger inlay or use more powerful signals from the reader.” He adds that read ranges up to 50 feet have been demonstrated, but must be approved with a special license from the FCC. Nearly all the current installations are FCC-compliant at 1 watt of power (similar to a cell phone) and do not need a special license.

The  next  step  is  to  send  Chippy  to  a  label  maker, 
where  the  inlay  is  embedded  in  a  traditional  paper 
bag  tag,  complete  with  the  traditional  adhesive  backing. 
“Unless  you  opened  up  the  bag  tag  and  saw  the  antenna, 
you’d  never  know  it  was  there,”  Shoemaker  says. 

Ingalls agrees. He says only passengers holding the tags up to the light would be able to see the antenna embedded in the tag. The tags weigh no more than 2 ounces and are equivalent to the 21-inch stock normally used by airlines to label bags.

Chippy  gets  a  job 

Once the tags are complete, they are ready to be shipped to the customer — in this case, McCarran. Ingalls says he leaves the intricate details of how the labels are embedded with RFID chips to Symbol. “We wanted one vendor to take the hit - not deal with a bunch of vendors,” he says.

Chippy arrives at the McCarran warehouse in Las Vegas as part of a 175-tag roll of labels. “We actually have set up a schedule with Symbol for them to be delivered on a regular basis over the next few years,” Ingalls says.

Ingalls and his team manage all the networks in the airport - airline check-in, baggage handling. He says this centralization makes it easy to roll out the RFID technology airport-wide. Ingalls distributes the new bag tags, printers, RFID readers and other equipment to the airlines, baggage handlers and other necessary users.

Already, Ingalls has started retrofitting check-in agent stations with Vidtronix printers to support the embedded tags. When passengers arrive at the terminal, they place their luggage on the scale as usual. The agent checks them in, prints out an RFID-enabled tag and affixes it to the luggage.

The  read-only  chip  in  the  tag  features  two  important 
pieces  of  information  —  the  three-letter  airport  code 
(in  this  case,  LAS)  and  a  pre-printed  10-digit  identifier. 
Ingalls  says  having  only  this  information  is  important  for 
the  privacy  of  passengers.  If  someone  were  to  try  to  read 
the  tag,  he  would  not  be  able  to  get  any  personal  data 
about  the  passenger. 

At check-in, that 10-digit identifier is mapped to the passenger in the airport and to the airline tracking systems. The identifier then links the baggage to important information regarding destination, origination point, connections, flights, security status, etc. The tags are also still printed with the traditional bar code and other visible information for all the systems still using legacy optical technology.

“From  the  standpoint  of  populating  information  into 
the  database,  it  isn’t  much  different  than  the  bar  code,” 
Ingalls  says. 

Once the agent makes sure that the tag is “live,” using an RFID reader, the bag is put on a conveyor belt and sent to security screening.

“Here the bag begins a long, complex journey,” Ingalls says.


Chippy  goes  for  a  ride 

After Sept. 11, airports and airlines were given strict mandates about security screening for luggage. At the time, McCarran’s screening was decentralized. To meet the new regulations, the airport is constructing a state-of-the-art centralized security system that will feature six, two-level screening facilities with four miles of conveyors.

“It’s a large, complex system broken down into screening nodes,” Ingalls says. The screening nodes require 70 different reader and antennae arrays to read the bag tags.

“There is an array of antennas around each segment of baggage conveyor,” he says. Within each array there are four antennas around the frame of the conveyor — above, below and on both sides. “The redundancy ensures that no matter which way the antenna is pointing, the tag can be read.”

Bags entering the screening facility are subject to different types of security scans, such as bomb detection. The RFID tags enable the bags to navigate the system automatically — with readers at every critical juncture.

The readers can scan a tag that has been crumpled, trapped inside a zipper, or partially destroyed. “We want to make sure the system is tough and impervious to damage,” Ingalls says.

The RFID tags offer a 99.8% accuracy read rate, unlike their bar code counterparts, which are only at around 85% accuracy. Bar codes must be line of sight and are useless if marred or blocked in any way. If a bag is upside down or turned around on the conveyor, the bar-coded tag is basically useless. This causes headaches for the airport system, including the potential for bags to miss flights.

When Chippy enters the security facility, it introduces itself to the system via a reader. This determines that the bag has a unique identifier and is valid. The reader also checks to make sure that the tag is from the McCarran system and not somewhere else.

Once Chippy is matched to the system, the luggage proceeds along the conveyor to various checkpoints. At each, the tag is read and a time-stamp is written back to the database, creating a trail.
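The tag-to-database flow described above, sketched as an added example (not code from the article, Symbol or McCarran): the tag carries only an airport code and an opaque identifier, while passenger data and the checkpoint trail live in the back end. The payload layout, the class and method names and all sample values are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Assumption: the payload is the 3-letter airport code followed by the
# 10-digit identifier. The article names the two fields, not their encoding.
TAG_FORMAT = re.compile(r"([A-Z]{3})(\d{10})")
HOME_AIRPORT = "LAS"


class BagTracker:
    """Hypothetical back-end store keyed by the tag's opaque identifier."""

    def __init__(self):
        self._bags = {}     # identifier -> check-in record (never on the tag)
        self._trail = {}    # identifier -> [(checkpoint, timestamp), ...]
        self.rejected = []  # reads that failed validation, kept for review

    def check_in(self, payload, passenger, flight):
        """Map a freshly printed tag to a passenger and flight."""
        match = TAG_FORMAT.fullmatch(payload)
        if match is None or match.group(1) != HOME_AIRPORT:
            raise ValueError("not a valid home-airport tag")
        ident = match.group(2)
        if ident in self._bags:
            raise ValueError("identifier already mapped to a bag")
        self._bags[ident] = {"passenger": passenger, "flight": flight}
        self._trail[ident] = []

    def read(self, payload, checkpoint, now=None):
        """Validate one reader hit and, if valid, time-stamp the trail."""
        now = now or datetime.now(timezone.utc)
        match = TAG_FORMAT.fullmatch(payload)
        if match is None:
            verdict = "rejected: malformed"
        elif match.group(1) != HOME_AIRPORT:
            verdict = "rejected: foreign tag"
        elif match.group(2) not in self._bags:
            verdict = "rejected: unknown identifier"
        else:
            self._trail[match.group(2)].append((checkpoint, now))
            return "ok"
        # Failed reads are recorded rather than silently dropped.
        self.rejected.append((checkpoint, now, payload, verdict))
        return verdict

    def trail(self, ident):
        """Return a copy of the time-stamped checkpoint trail for one bag."""
        return list(self._trail.get(ident, []))


if __name__ == "__main__":
    tracker = BagTracker()
    # Constructed sample values, not real tag data.
    tracker.check_in("LAS0000012345", "constructed passenger", "XX100")
    for payload in ("LAS0000012345", "JFK0000012345", "LAS9999999999"):
        print(payload, "->", tracker.read(payload, "screening-node-1"))
    print(tracker.trail("0000012345"))
```

Anyone reading the tag learns only the airport code and the identifier; linking it to a passenger requires access to the back-end record.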

“If  a  bag  has  been  identified  for  additional  screening  or 
manual  search,  it  would  be  diverted  automatically 
through  the  conveyor  system,”  Ingalls  says.  “There  is  no 
manual  involvement.” 

When  the  baggage  reaches  the  end  of  its  individual 
security  screening  checklist,  it  must  be  reunited  with  its 
flight.  The  tag  readers  help  navigate  the  bag  through  the 
conveyor  system  to  a  carousel  where  the  flight  baggage 
Google searches for an enterprise space

BY  THOMAS  POWELL,  NETWORK  WORLD  LAB  ALLIANCE 

The Google Search Appliance packages up the company’s famously accurate technology into an easy-to-use search engine for intranets and public-facing corporate sites. In our Clear Choice test of the GB-1001 model, we found that while the searching and indexing features live up to the Google name, the product lacks polish and advanced management features.


GOOGLE  SEARCH  APPLIANCE  (GB-1001) 


Google 


Results  4.35 


The appliance’s honeycomb case caught our eye, but the whimsy wore off as we began to notice occasional unevenness in the appliance. For example, the appliance takes a number of minutes to start up and run its various system checks. To alert you it is done, it plays a little tune. In testing in our server room and at a collocation facility, we couldn’t hear the tune over the dull roar of such environments and had to manually probe for the system’s state.

The GB-1001 does not provide obvious light indicators or a small LCD screen on the unit. No on-off switch is provided, as the designer likely intended you to go through the proper shutdown procedure. We experienced an unplanned UPS failure, and upon power restoration the box recovered properly once it performed an automated rebuild of its RAID system that lasted several hours. After you do trigger shutdown through the Web administration system provided, you need to be careful not to cut power too early; otherwise, you will have the RAID rebuild wait on your hands.

We also found other polish points lacking. Within the administration system, confirmations of configuration changes didn’t appear in a logical place, form fields were slightly misaligned or oddly arranged, warning messages did not appear reliably, help information was too concise or lacked good examples, result output previews didn’t always work, and, in some cases, error messages lacked detail.

There  were  some  bright  spots,  including  clear  installa¬ 
tion  documentation,  color-coded  cables  and  a  built-in 
DHCP  server  that  allowed  us  to  plug  in  a  laptop  and 
quickly  configure  the  network  settings. 

Using a Web-based GUI, your first step after installation would likely be to define a search index by indicating starting URLs, URL patterns and file types that should be recorded and discarded by the crawler (see “How we did it” at www.networkworld.com, DocFinder: 8223).

According to Google, the crawler is capable of indexing 220 types of content. In our test we saw no limitation in the crawler, and found that the device tended to discover files that we were not aware of in some test data sets.

You  will  likely  want  to  break  up  the  indexed  documents 
into  different  collections  based  upon  a  URL  pattern.  The 
GB-1001  allows  for  an  unlimited  number  of  collections. 

The crawler is quite adept at dealing with secured content. It handles Secure-HTTP connections and can negotiate basic authentication, NT LAN Manager authentication, and custom cookie and form-based access. The GB-1001 can crawl content from databases, including Oracle, SQL Server, mySQL, IBM DB2 and Sybase. If you happened upon a data type the crawler cannot access, you can feed it directly to the device in an XML format.

Google does limit its appliances by document count, starting with 500,000 for the base unit (for smaller deployments, use the Google Mini; see story at DocFinder: 8224). You can of course increase your license and associated hardware to build out a search infrastructure that could support millions of documents. When you size your appliance, be aware that if you plan on doing direct database indexing, Google will count each record as a document, so you might chew up a license very quickly.

One  aspect  of  the  crawl  process  that  we  especially  liked 
was  the  diagnostics  facility,  which  was  not  only  useful  to 
understand  what  the  crawler  was  doing,  but  it  also  clearly 
helped  us  isolate  such  indexing  problems  as  broken  links, 
server  issues  and  access-denied  problems. 


Starting  at  $30,000  for  500,000  documents 


Pros:  Powerful  and  accurate  search;  flexible 
search  results;  easy  to  configure  and 
maintain. 

Cons:  Weak  security  posture  for  administration; 
annoying  industrial  design  and  interface 
design  gaps. 

The Breakdown

Search 40%: 5
Administration 30%: 4
Security 10%: 2.5
Interface 10%: 4
Installation 10%: 5
Total score: 4.35

Scoring key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average; 1: Consistently star

The  GB-1001  provides  a  great  deal  of  flexibility  for  the 
search  page  and  result  listings.  Some  administrators  may 
be  happy  to  use  the  page  layout  helper  and  modify  the 
logo  and  basic  aspects  of  the  search  page.  However,  most 
folks will probably want to modify the results to fully integrate
it into the look and feel of the site. If you are familiar
with XML Stylesheet Language Transformation you can
modify a near-3,000-line template that controls just about
every aspect of the search form and result. If this doesn’t
suit you, just use the raw XML returned from the appliance
and do whatever you like, including putting it into another
system.

Google’s approach is to implement searches in an easy-to-use
“black box” fashion, which could place constraints on a
private search. You turn the appliance loose,
and it ranks based upon the Google algorithm.
We were pleased that the accuracy of
the test search lived up to what we see in
everyday use of the Google Internet search. It
easily found buried test phrases and correctly
identified primary documents.

The GB-1001 provides features to massage
the results; unfortunately some are a bit limited
or not well documented. The most valuable
feature for search customization is the
KeyMatch configuration, which allows you
to define keywords, phrases and exact
queries. The latter returns up to three matches,
or five if you dig to find out about a setting
change. The Synonym setting provides a useful way to
suggest alternate search terms triggered by the original
query. It is also possible to create filters against the
domain in which a document is found, the language in which a
document is written, the file type in which it was created or the
meta tag it was given. The meta tag facility, if carefully
applied, can provide a rich system to slice indexed data in
a variety of ways: by author, owner, or rating, for example.

Various  front-end  and  search-result  features  we  tested 
took  an  unpredictable  length  of  time  to  register  our 
changes. If you add synonyms, keyword matches or a variety
of other template changes, you typically can’t see the
result right away. You must be patient if you like to tinker.

In  terms  of  performance,  the  GB-1001  appliances  start  at 

See  Google,  page  46 


The GB-1001's honeycomb case makes an interesting wrapper around Google's tried-and-true
search  engine,  but  the  company  will  need  to  beef  up  security  and  management  features  to 
better  suit  it  up  for  enterprise  deployment. 


roster is created. That drop-off point is recorded into
the  Oracle  database  so  the  baggage  handlers  are 
aware  that  it  is  ready  for  boarding  and  the  airlines 
can  track  the  average  time  it  takes  a  bag  to  go 
through  screening. 

Leaving  Las  Vegas 

For  Chippy,  this  is  the  end  of  its  usefulness  for 
McCarran  Airport.  But  Ingalls  hopes  that  airlines  will 
take  advantage  of  the  embedded  chips  “upstream”  to 
help passengers track their bags and to speed
frequent-flyer check-ins. He also thinks RFID technology
eventually  will  help  reduce  the  minimum  connection 
time  that  airlines  need  for  baggage  to  transfer  flights. 

Already, Ingalls sees the benefits of the RFID technology.
The 99.8% accuracy rate of tag reading alone will
save the airport and airlines hundreds of thousands of
dollars each year. Lost or delayed luggage costs the airlines
an average of $100 per passenger. This price includes
courier services to get luggage to the passenger or
fees to replace items. The airports also have to pay for
baggage handlers to sort out problems when they arise.


Ingalls says even a 10% failure to read bag tags results in
6,800 bags having to be dealt with manually. “That’s a four-mile
line of bags that someone would have to deal with,”
he says.


Ingalls adds that he’s working alongside McCarran’s
tenant airlines, which are all actively looking at RFID
for their own operations. “We tried to architect a system
that is open from a standards standpoint and
flexible and scalable. Right now, the chip’s usefulness
ends at the flight, but in future months and years, airlines
will use that chip for all sorts of advances.”

And  McCarran  does  not  want  to  be  an  island  in  its 
use  of  RFID.  “Soon  there  will  be  millions  of  [tagged] 
bags  going  into  other  airports,”  Shoemaker  says.  “The 
goal  is  to  connect  all  those  airports  to  create  an 
expanding capability that will benefit all of aviation
globally.”

Once the bags leave McCarran, Chippy’s fate is
unclear. The tag could be on a flight to Boston or Berlin
or Bangkok. The luggage could belong to a convention-goer,
a gambler, or a couple who tied the knot. Once
travelers retrieve their bags at the destination airport,
Chippy could be ripped off and tossed away immediately.
Or the tag could sit on that piece of luggage in a
dark closet for months. Or Chippy might live on in
somebody’s wedding scrapbook.


Gittlen is a freelance technology editor in Northboro,
Mass. She can be reached at sgittlen@charter.net.


Google  Mini  -  A  cheap  GSA? 


To  many,  it  would  appear  that  the  Google  Mini  appliance 
at  $3,000  offers  many  of  the  same  features  as  the 
Google  Search  Appliance  but  at  about  a  tenth  of  the 
cost.  Be  forewarned:  The  Mini  is  limited  in  some  pretty 
important  areas. 

The  first  difference  lies  in  what  Mini  can  index. The  device  is 
limited  to  only  100,000  documents.  In  terms  of  crawling,  the 
Mini  uses  the  same  Google  algorithm  as  its  big  brother  and 
can  index  the  same  220  file  types.  However,  the  Mini  is  not 
able  to  negotiate  nearly  as  many  authentication  schemes  as 
the  Google  Search  Appliance.  The  Mini  is  limited  to  Basic 
Authentication and NT LAN Manager, so it might not be
adequate for some intranet duties. It has no database integration
or  feed  support. 

Also,  the  Mini  does  not  support  numerous  collections. 
Instead, it supports sub-collections, which do not easily
provide for different result pages. Results with sub-collections are
calculated  differently  from  using  collections  under  the  Google 
Search  Appliance.  However,  during  testing  we  didn't  find  the 
results  to  be  tremendously  different,  though  this  might  vary 
depending  on  the  document  set  you  use  and  the  degree  of 
overlap  of  terms  and  content. 

The Mini is not a terribly fast or fault-tolerant appliance. The
device handles roughly one query per second, and you don’t
get a fault-tolerant RAID array. The Mini's snazzy blue paint
job doesn't hide what appears to be a stock 1U clone
complete with a CD-ROM drive blocked by its faceplate. Like its
big brother, we see fun hardware polish problems, such as the
lack of a visible light on the front of the device to indicate the
Mini is on.

Finally, the Mini also lacks most of the administration
features of its more powerful sibling, including SNMP monitoring
and health and performance logging.

However, for all its differences, you'll find the Mini to be similar
to the Google Search Appliance. The device provides much the
same degree of customization, including KeyMatch, custom
output formats, Synonyms, and search result reporting.

Given its limitations, the Mini is a likely candidate for public
sites and basic intranets. At the price, you can hardly buy a
rack-mounted server, let alone get a nice turnkey search
facility. Even as a proof-of-concept project, the Mini might stand
an evaluation by organizations looking to experiment with
improved search, and it provides a great introduction to the
technology you will find in the more powerful Google Search
Appliance.

—  Thomas  Powell 


Google 

continued  from  page  44 

around 300 queries per minute (vs. the
Mini’s rate of 60 queries per minute [see
story, right]). Our test verified that the
Google Search Appliance unit was roughly
four times faster than the lower-end unit. We
were able to increase response time past 1
second per query under heavy load well
beyond 300 queries per minute, but we did
not see any drop-off that would suggest the
device did not perform to specification.

The GB-1001 provides monitoring facilities,
including graphs on queries per second,
an event log detailing basic system
activity, and a device health report. The
device is also SNMP-capable and provides
a MIB for basic monitoring of device health,
crawler status, index size and query rates.

The most valuable reports we found outlined
the number of searches over time and
the common keywords and queries. Many
corporate Webmasters pay a surprising lack
of attention to search activity despite the
great insight it provides into customer intention,
so we are glad to see Google making
this data easily available to its appliance
customers. For those looking for more than
the standard reports provided, the GB-1001
offers search logs in a common log
format, useful for crunching in Web log
analysis or standard reporting systems. We
would add in this category some indication
of user click rates on various search terms,
though with a little bit of work you could
collect that data.

Powell also is a member of the Network
World Lab Alliance, a cooperative of the premier
testers in the network industry, each
bringing to bear years of practical experience
on every test. For more Lab Alliance information,
including what it takes to become a partner,
go to www.networkworld.com/alliance.

Security on the GB-1001 is a mixed bag.
Google states emphatically that the box is
secured because it comes with a built-in
firewall allowing access on permitted ports
only. Beyond this lone measure, we found a
disturbing security posture in place.

The security setup for the GB-1001’s
administration environment is weak. It’s
strange that the device allows you to create
users and delegate administrative authority,
but the Web-based administration system
does not provide any enforcement on password
strength or length, even allowing single-letter
passwords. Couple this with the
fact that the appliance does not limit password
attempts, and it’s vulnerable
to brute-force password-guessing
tools. The GB-1001 will note logon failures
in its event log, but provides little to work
with other than IP address and full-event
logging. There is no SSL requirement to
access the administrative back end and no
restrictions to IP range or domain.
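An added example, not from the review or from Google: because the appliance does not cap password attempts but does record logon failures with the source IP address, an administrator can watch that log for guessing bursts. The log line format, event names and thresholds below are assumptions, and the sample lines are constructed.

```python
"""Flag password-guessing bursts in an admin logon event log (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical format (not the GB-1001's real log):
# ISO timestamp, event name, user=<name>, src=<IP address>.
SAMPLE_LOG = """\
2005-08-01T09:00:01 LOGIN_FAILURE user=admin src=192.0.2.10
2005-08-01T09:00:02 LOGIN_FAILURE user=admin src=192.0.2.10
2005-08-01T09:00:03 LOGIN_FAILURE user=admin src=192.0.2.10
2005-08-01T09:00:04 LOGIN_FAILURE user=admin src=192.0.2.10
2005-08-01T09:00:05 LOGIN_FAILURE user=admin src=192.0.2.10
2005-08-01T09:00:06 LOGIN_FAILURE user=admin src=192.0.2.10
2005-08-01T09:00:07 LOGIN_SUCCESS user=admin src=192.0.2.10
2005-08-01T09:01:00 LOGIN_FAILURE user=editor src=198.51.100.7
garbled line without fields
2005-08-01T09:05:00 LOGIN_FAILURE user=editor src=198.51.100.7
2005-08-01T09:05:10 LOGIN_SUCCESS user=editor src=198.51.100.7
"""

LINE_RE = re.compile(
    r"^(\S+) (LOGIN_FAILURE|LOGIN_SUCCESS) user=(\S+) src=(\S+)$"
)


def parse_line(line):
    """Return (timestamp, event, user, src) or None for unparseable lines."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    stamp, event, user, src = match.groups()
    try:
        when = datetime.fromisoformat(stamp)
    except ValueError:
        return None
    return when, event, user, src


def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Scan time-ordered log lines and return a list of findings.

    Each finding is (src, kind, timestamp, failures_in_window), where kind is
    "guessing" (threshold reached inside the sliding window) or
    "success_after_guessing" (a logon succeeded while the burst was active,
    which suggests the guessed password worked).
    """
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    alerted = set()                # sources with an active, reported burst
    findings = []
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue  # skip noise instead of aborting the scan
        when, event, _user, src = record
        recent = failures[src]
        # Drop failures that have aged out of the sliding window.
        while recent and when - recent[0] > window:
            recent.popleft()
        if not recent:
            alerted.discard(src)  # burst is over; allow a fresh alert later
        if event == "LOGIN_FAILURE":
            recent.append(when)
            if len(recent) >= threshold and src not in alerted:
                alerted.add(src)
                findings.append((src, "guessing", when, len(recent)))
        elif src in alerted:
            findings.append(
                (src, "success_after_guessing", when, len(recent))
            )
    return findings


if __name__ == "__main__":
    for src, kind, when, count in detect(SAMPLE_LOG.splitlines()):
        print(f"{when.isoformat()} {src} {kind} ({count} failures in window)")
```

The second source in the sample, with two failures minutes apart followed by a success, is an ordinary mistyped password and is not flagged.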

The GB-1001 has its rough edges, notably
in hardware design, administration and
security. However, the overall ease of use
and the power of the Google search algorithm
dwarf the limitations of the appliance.
For companies looking for a powerful
yet easy-to-administer search facility, the
Google Search Appliance gets a fairly high
ranking.

Powell is the founder of PINT, a San Diego
Web development and consulting firm. He is
also the author of numerous books on Web
development practices including JavaScript:
The Complete Reference and Web Design:
The Complete Reference. He can be
reached at tpowell@pint.com.


Pay-as-you-go pricing picks up

As  more  vendors  offer  software  as  a  service,  be  aware  of  potential  pitfalls. 


BY  DENISE  DUBIE 


Software  as  a  service  can  benefit  customers  looking  to  bring  specific 
application  expertise  in-house  without  committing  to  a  large  upfront 
investment.  On  the  other  hand,  an  alternative  licensing  model  could 
impede  integration  with  other  applications. 


providers  protect  their  data,  ensure  maximum  uptime  — 
with  vendor  penalties  if  service-level  agreements  aren’t 
met  — and  meet  a  specific  business  need. 

“If IT managers find it’s difficult to integrate, or the
degree of customization is high, then SaaS is not the
right choice for them,” Herbert says. “The trend for SaaS is
growing among mid-market customers, but it’s not for
highly customized and specialized IT shops.” ■


Striking a balance between licensed and hosted software
and incorporating pay-as-you-go pricing will require
network  managers  to  bone  up  on  their  contract  skills, 
make  sure  integration  is  possible  and  work  with  vendors 
to  find  the  model  that  best  suits  their  companies. 

Offered by vendors such as NetSuite, Salesforce.com
and SuccessFactors, SaaS involves hosting all or parts of
an application and charging customers on a monthly or
annual subscription basis. Pay-as-you-go applies to hardware,
too, in which customers pay for the processing
power and storage capacity they use.

According to research firm Saugatuck Technology, CIOs
are expected to use about 14% of their 2005 IT infrastructure
budgets on pay-as-you-go services and 14% of application
budgets on software delivered as a service. The
trend toward subscribing to software and paying for processing
and capacity based on what is used is more popular
among business executives than IT staff, Saugatuck
says.

SaaS “empowers business units by enabling them to
buy, deploy and run software without IT involvement. But
many business-led SaaS deployments require IT
resources in phase two of the rollout when users need to
integrate with other systems or do advanced customizations,”
says Liz Herbert, an analyst with Forrester
Research. “Businesses must start involving IT upfront to
ensure that the vendor selected has the architecture to
meet phase two requirements.”

For Ross McKenzie, the IS director at Johns Hopkins
Bloomberg School of Public Health in Baltimore, the
potential draw to SaaS license models lies in the costs.
While McKenzie doesn’t currently have such licenses, he
says the option to “stretch payments out over a multiyear
period” appeals to him. “It would certainly make software
more affordable,” he says.

Pricing  particulars 

Pay-as-you-go services offer a glimpse into the utility
computing world that EMC, HP, IBM, Sun, Unisys and others
envision. Sun, for example, offers straightforward Sun
Grid pricing of $1 per CPU, per hour, and $1 per gigabyte,
per month.

Utility computing services give companies a way to
start exploiting new technologies before all the pieces
of an ideal system for automating data centers are
deliverable. Such utility computing services may look
like traditional outsourcing and application service
provider deals because they provide customers with
flexibility and require fewer upfront costs. But there
are differences, such as paying for what you use
instead of a flat fee. Those services, which allow customers
to house vendor equipment on site, differ from
common outsourcing setups in which the systems are
at the service provider.

“These pricing models are one real tangible deliverable
from vendors’ utility computing plans,” says Jeff Kaplan,
managing director of Thinkstrategies, a consultancy in
Wellesley, Mass. “Most companies can subscribe for software
as a service rather than having to look at it as a
capital expense.”

Forrester Research estimates that the initial cost of a
hosted application is about $336,000 vs. a licensed one
at $440,000. The upfront cost savings in some cases misrepresent
the ultimate investment, though. According to
Forrester, by the third year of deployment, the cost of a
hosted application starts to exceed that of an in-house
licensed application. By the fifth year of a deployment,
the cumulative cost of a hosted application is estimated
at more than $1.6 million, while the licensed software
costs about $1.4 million annually.

“One downside of the [SaaS] model is it tends to be
more expensive in the long run,” Forrester’s Herbert
says.

Striking  a  balance 

While  there  are  noted  trade-offs  —  potential  costs  and 
integration  worries  —  industry  watchers  agree  that  SaaS 
models  can  benefit  IT  departments. 

“It’s lower risk and can deliver a fast return on investment,”
Herbert says. Thinkstrategies’ Kaplan agrees:
“Packaged applications are difficult to implement and
expensive to maintain. SaaS costs can be amortized over
time as well.”

To start, treat the service rollout as you would
on-premise deployments, by determining the business
requirements  for  the  service,  dealing  with  the  vendor 
and  investigating  the  degree  of  customization  required 
for  the  service.  Make  sure  contracts  with  software  service 


Pros and cons of pay-as-you-go

Software-as-a-service pricing models are expected
to grow in popularity ...

[Chart: Percent of new IT infrastructure spending that will be delivered on a pay-as-you-go basis, 2005-2009]

... but research shows the alternative to do-it-yourself
long-term licenses poses challenges to IT staff.

[Chart: What will be the most challenging aspect of implementing utility computing? Respondents: 96 enterprise IT professionals]
IPv6

continued  from  page  1 

as the basis for the next-generation Internet.

Nonetheless, with agencies
forced to upgrade, government
contractors, hardware and software
vendors, and service providers
will need to make sure
their offerings are updated, too.
And that could spur adoption in
the commercial world.

“If the government deployed
IPv6 on a worldwide basis, I
believe that would create a great
catalyst and wonderful assistance
to the promotion and deployment
of IPv6 in the commercial
sector,” says Jim Bound, chair of
the North American IPv6 Task
Force, a volunteer group established
to promote the adoption
and deployment of IPv6. “I believe
enterprises are in tune and aware
of IPv6 today.”

“If your user base starts using a protocol, then
your back end has to be converted.”
David Lane, a contractor working with the U.S. Department of
Veterans Affairs

Yet others say if the federal
agencies that will be forced to
upgrade to IPv6 in less than
three years aren’t yet sold on the
protocol’s benefits, private-sector
organizations that aren’t under
such pressure are even less convinced.
A recent study of 349
government and industry IT
decision makers sponsored by
Juniper indicated 7% consider
the protocol “very important” to
achieving their IT goals.

The government’s move to IPv6
“is going to resonate with companies,
if only from the perspective
that large technology-support
companies will have to migrate to
understand what their customers
are doing,” says David Lane, a contractor
working with the U.S.
Department of Veterans Affairs
(VA). “If your user base starts using
a protocol, then your back end
has to be converted ... so it will
trickle down, but I don’t think it
will be a big bang.”

However,  it  has  happened  in  the 
past  that  when  the  government 
requires  a  technology  be  used  by 
its agencies, the commercial sector
falls in line.

“When the [General Services
Administration] said everything
must be submitted to it in DOS
format, that made Microsoft the
monopoly,” says Joel Coulter, president
of consulting firm Joel
Coulter and Associates and an
IPv6 advocate. Government adoption
of technology “is one way to
spur market forces. But the key
word is transition; the market
needs a catalyst for transition.”

Once the OMB sets policy that
IPv6 must be implemented
throughout the federal government
by 2008, agencies will have
their reason to upgrade — they’ll
have no choice. But that doesn’t
mean the IT decision makers in
these agencies believe it will be
the best use of their budgets and
talent.

Glacial progress

Department of Defense aside, only a handful of the 24 largest
federal agencies have done any IPv6 preparation.

Performed an inventory of IPv6-capable equipment:

Performed inventory, established a
business case, estimated cost:

Department of State

National Science Foundation

Department of Transportation

Small Business Administration

SOURCE: GENERAL ACCOUNTING OFFICE

Shortly after the OMB revealed
its policy plans for IPv6 in late
June, Lane’s supervisor asked him
how the VA should plan its transition
to the protocol, because the
agency’s CIO inquired about the
subject. Unfortunately, there’s no
easy answer. “Saying the federal
government is going to convert to
IPv6 is like saying today we’re all
riding bicycles and tomorrow
we’re going to drive cars. . . . It’s a
completely new way of doing
business,” Lane says. “This is one of
those things where there is nothing
that really compels us to make
the change. IP is like water; we all
need it to survive, but it’s not very
sexy.”

The OMB has outlined a number
of advantages offered by IPv6,
including expanded address
space (although most U.S. companies
and government agencies
have found ways around this limitation
in IPv4); improved security
and information routing; enhanced
mobility features; and
simplified activation, configuration
and operation of networks
and services.

Yet in the eyes of many government
IT executives, these benefits
pale in comparison to the pains
associated with upgrading. The
biggest hurdle standing in the
way of IPv6 adoption among federal
government agencies is cost,
in part because many agencies
don’t keep pace with the commercial
world when it comes to
upgrading to new technology. So
while vendors, including Microsoft
and Cisco, have allowed for
IPv6 in their products for the past
few years, agencies might not yet
have those versions.


However, the OMB could set
aside funds dedicated to IPv6
transitioning, which would mean
agencies wouldn’t have to take
money for upgrading from existing
budgets, Coulter says. Such
funding would be managed by a
separate transition office that
would also promote information
sharing among agencies.

Other hurdles include training
staffers to understand the new
protocol, maintaining backward
compatibility with IPv4, and ensuring
ongoing security while
the transition to IPv6 is underway. ■


Fujitsu software to tackle
enterprise  information 


BY  MARTYN  WILLIAMS,  IDG  NEWS  SERVICE 

Fujitsu  is  developing  two  applications  that  could 
help  companies  make  better  use  of  their  data  and 
better handle information flowing into their organizations.

The first is a search tool for the “semantic Web,”
which refers to the interconnected servers filled
with information that is tagged so it can be understood
easily by machines. Called the Business
Information Navigator, it uses this metadata to spot
relationships between documents spread throughout
an organization and deliver search results that
are more focused than is possible now with a simple
text search.

The  idea  is  that  with  better  tagging  and  more 
metadata,  such  as  XML  and  resource  description 
framework,  a  company  could  derive  much  more 
value  from  its  data.  Fujitsu’s  Navigator  attempts  to 
tag  documents  automatically  and  works  as  a  search 
engine  for  this  tagged  data. 

The software was demonstrated at the recent
Fujitsu Forum 2005. During that demo, working with
a sample database, a search was performed for
“XML.” This brought up a number of hits, which
were displayed as a spider map, a graphical representation
of the results in which their position and
size on the graph signifies their importance. Lines
between the results showed the strength of the relationships
between them. Further clicks allowed the
data to be explored by author or division, so a user
could learn quickly the leading authorities on XML
within the company and in which divisions they
worked.

Fujitsu is testing the system with a domestic financial
institution it wouldn’t name.

The  company’s  second  piece  of  software  is  aimed 
at  helping  manage  the  flow  of  information  coming 
from  outside  a  company  and  uses  the  RSS  format. 
Using  an  RSS  reader  client  and  a  corporate  RSS 
server,  the  software  is  on  trial  at  Fujitsu. 

The  client  can  monitor  RSS  feeds,  like  any  other 
such  reader,  but  has  additional  features, all  of  which 
are  enabled  by  the  server.  The  first  is  the  ability  to 
tag  an  item  that  has  appeared  in  an  RSS  feed  as 
being of interest to other people in the same workgroup.
When this occurs, the information is communicated
to the server and is sent to other RSS
clients in the workgroup.

The  server  can  also  make  an  RSS  feed  from  any 
Web  page  and  so  enable  tracking  of  changes  made 
to  a  Web  site.  To  do  this,  the  system  examines  the 
Web  page  and  tries  to  decide,  based  on  position  on 
the  page  and  presence  of  times  or  dates,  what  items 
are  likely  to  change  and  what  parts  of  the  page  can 
be  ignored. 

Fujitsu expects both pieces of software to be available
within the current fiscal year, which ends the
last day next March. ■
Mark Gibbs


Stepping  in  front  of  the  freight  train 


“There are, and always
have  been,  people  who 
know  how  to  crash  the 
Internet  but  have  so  far 
chosen  not  to  do  so.” 

—  Stephen  Cobb,  Certified  Information 
Systems  Security  Professional  and  author 
of  Privacy  for  Business 

Not  many  of  us  would  choose  to  step  in  front  of  a 
freight  train  going  at  full  speed,  but  last  week  at  the 
Black  Hat  Briefings  conference  in  Las  Vegas  a  gentleman 
by  the  name  of  Michael  Lynn  did  more  or  less  just  that. 
Roughly two hours after his resignation from the company
Internet Security Systems (ISS) he gave an unsanctioned
talk on a Cisco router vulnerability (see related
story,  page  1). 

Make no mistake; this was a big deal because this vulnerability
is potentially very serious. If some lunatic
were  to  exploit  it  he  could  bring  down  the  entire 
Internet.  Sure,  go  back  and  read  that  last  sentence 
again.  I’m  not  exaggerating. 

In  front  of  a  rapt  audience  of  security  wonks,  Lynn 
announced, “I’m  not  giving  you  a  road  map  to  an 
exploit;  I’m  trying  to  prove  to  you  that  I’ve  done  it.”  He 
then  demonstrated  the  hack  —  reportedly  a  buffer 
overflow  exploit  —  without  revealing  the  exact  details. 


It  is  reported  that  the  exploit  took  all  of  5  seconds. 

What  Lynn  demonstrated  was  that  he  could  remotely 
access  a  Cisco  router  and  gain  the  highest  level  of 
access,  which  gave  him  the  ability  to  do  anything  from 
degrading performance or monitoring traffic to disabling
the router completely.

The  problem  is  that  because  much  of  the  Internet 
relies  on  Cisco  routers,  this  is  pretty  serious  stuff.  Cisco 
did  fix  this  issue  some  months  ago,  but  —  of  course  — 
many  companies  have  yet  to  upgrade  their  router 
firmware.  Lynn  said  if  the  router  owners  “upgrade  their 
firmware,  they’ll  probably  be  fine.” 

Now  you  might  be  saying, “But  we  don’t  rely  on  Cisco 
routers,  so  we’re  OK  . . .  aren’t  we?”  I’m  afraid  not,  my 
friend,  because  you  do  business  with  other  companies 
(for  example,  your  banks,  your  partners,  your  suppliers, 
your  customers)  that  do  use  Cisco  routers,  and  if  they 
go  offline,  then  for  all  intents  and  purposes  so  do  you. 
So  do  we  all. 

The  presentation  had  apparently  previously  been 
approved  by  Cisco  and  ISS,  but,  according  to  various 
sources, Cisco got cold feet and wanted the presentation
canceled, and ISS acquiesced. But Lynn saw a
higher  calling,  because  recently  (for  the  second  time) 
the  source  code  for  IOS,  the  operating  system  that  runs 
Cisco  routers,  was  stolen. 

Lynn asked his audience, “Can anyone think why you
would steal [the source code] if not to hack it?” He
continued, “I’m  probably  about  to  be  sued  to  oblivion. 
[But]  the  worst  thing  is  to  keep  this  stuff  secret.” 

Whether  vulnerabilities  should  be  revealed  has  been 
a  hot  topic  over  the  last  few  years,  and  that  is  precisely 
the reason that Lynn’s discussion of the IOS vulnerability
was equivalent to him jumping in front of a freight
train.  His  personal  train  is  labeled  Cisco  and  ISS. 

As  a  result  of  going  public  with  this  information  Lynn 
faces litigation from Cisco and ISS. And even the organizers
of the Black Hat event (which thought Lynn’s presentation
was going to be about VoIP) are being sued.

It  doesn’t  take  a  mental  giant  to  see  there  is  no  value 
in  keeping  vulnerabilities  like  this  secret.  In  fact,  there’s 
actually  a  profound,  tangible  risk  that  a  disaster  could 
well  be  lying  in  wait  from  our  ignorance. You  know  the 
old  saying: “It  is  what  you  don’t  know  that  hurts  you.” 

Lynn  has  done  us  all  a  great  service.  What  we  need 
are  whistle-blower  laws  for  IT  to  protect  people  who 
step  forward  like  this.  Unfortunately,  when  you’re  in  the 
path  of  a  freight  train  as  Lynn  is,  it  doesn’t  matter  what 
you know or not. You’re going to get hurt.

Do  you  hear  a  whistle?  Tell  backspin@gibbs.com. 
And check Gearblog at www.networkworld.com/weblogs/gearblog
for items mentioned in this column. A
special  thanks  to  Stephen  Cobb  for  his  input. 
CTO with a bug . . . well, you know where

Paul McNamara

It's not every day that a CTO at a well-known company
accuses me of exhibiting callous disregard for
human life. In fact, I'm fairly certain that what you're
about to read constitutes a first.

I am innocent, of course . . . even though that’s what
they all say.

But if you buy into this gentleman’s reasoning and apply it to the lowercase network
world at large, I am by no means the only suspect party: A significant number
of you — yes, you, Mr. and Ms. Network Manager — may need to do a little
soul-searching  about  your  attitudes  toward  . . .  would  you  believe,  WeatherBug? 

The background: A May 30 column here (see www.networkworld.com,
DocFinder: 8255) discussed ongoing efforts by WeatherBug to shake its image as
a  network  nuisance  and  sell  corporate  America  on  the  idea  that  this  popular 
weather-monitoring  and  emergency-alert  software  is  also  a  valuable  business 
tool. The  campaign  came  to  my  attention  in  the  spring  at  Interop  in  Las  Vegas, 
where WeatherBug had employees glad-handing attendees. The column was more
milquetoast than broadside, as it consisted almost entirely of WeatherBug executives
making their case and me dutifully recounting it.

But  I  did  note  that  the  company  has  a  difficult  sales  job  ahead,  especially  among  IT 
types, and added: "They could start with my colleague in Network World's IT department,
who when asked for his thoughts about WeatherBug chewed my ear off for 45
minutes.  His  beef  in  a  nutshell:  WeatherBug  has  no  meaningful  purpose  on  a  typical 
business  desktop,  and,  much  like  any  unauthorized  application,  consumes  resources 
unnecessarily  and  runs  the  risk  of  causing  unanticipated  trouble." 

That  assessment  apparently  was  beyond  the  pale  for  WeatherBug  CTO  and 
founder  Christopher  Sloop,  who  fired  back  with  a  blog  missive  (see  DocFinder: 
8254).  Fair  enough,  except  that  Sloop  may  have  gone  just  a  teensy  bit  overboard. 

The  headline  on  his  piece:  “Dear  Network  World:  What  is  an  employee’s  life 
worth?” 

My  first  thought  was:  "Depends  on  which  employee  we’re  talking  about." 


But  Sloop  was  clearly  in  no  mood  for  insouciance.  His  blog  entry  begins: 

"Let  me  ask  a  quick  question.  Is  your  life  worth  0.003%  of  your  CPU,  10M  bytes  of 
RAM and 25 bits per second of bandwidth usage? That is all it will cost your company
to install the free version of WeatherBug! 0.003% CPU, 10M bytes of RAM
and  25  bits  per  second  of  bandwidth  to  make  sure  your  employees  will  be  quickly 
alerted  in  case  of  a  disaster!” 

"Clearly  Mr.  McNamara's  IT  person  is  not  aware  of  WeatherBug's  ability  to  alert 
employees of severe weather, civil emergencies and Homeland Security emergencies.
If the technology exists that could save an employee's life and contribute to
their  safety,  why  is  it  not  being  used  on  all  computer  desktops?” 

That  question  brings  us  back  to  you  folks.  After  all,  I  am  but  a  lowly  trade-press 
pundit  whose  control  of  desktops  begins  and  ends  with  the  PC  in  my  basement.  As 
for my IT colleague, his ability to save or endanger lives through desktop application
management is similarly limited by the fact that Network World is a small
company. 

However,  some  of  you  oversee  vast  swaths  of  PCs  numbering  in  the  thousands 
and  tens  of  thousands.  Are  they  all  up-to-date  with  the  latest  version  of 
WeatherBug?  ...  I  didn't  think  so. 

And,  let's  be  honest  here,  it  gets  worse.  Not  only  has  widespread  adoption  of  this 
lifesaving application failed to take hold in corporate networks, it is my understanding
that many of you have gone so far as to expressly prohibit — prohibit! —
the  use  of  WeatherBug  in  your  organizations. 

How  do  you  sleep  at  night? 

Oh,  all  right,  I  suppose  I  should  lighten  up  on  the  guy.  He’s  only  standing  up  for 
his  company,  and  he's  a  technologist,  not  a  marketer. 

But  his  ham-handed  pitch  did  remind  me  of  those  Michelin  tire  commercials 
where  a  cuddly  baby  nestled  inside  a  radial  is  supposed  to  shame  parents  into 
whipping  out  their  credit  cards. 

“Buy  our  tires,  or  kiss  your  baby  goodbye”  is  no  way  to  sell  tires  ...  or  software. 

Bugged,  too?  The  address  is  buzz@nww.com. 